//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//------------------------------------------------------------------------------
namespace System.Web.Security.AntiXss {
using System;
using System.Text;
///
/// Provides helper methods common to all Anti-XSS encoders.
///
internal static class EncoderUtil {
///
/// Gets an appropriately-sized StringBuilder for the output of an encoding routine.
///
/// The length (in characters) of the input string.
/// The worst-case ratio of output characters per input character.
/// A StringBuilder appropriately-sized to hold the output string.
internal static StringBuilder GetOutputStringBuilder(int inputLength, int worstCaseOutputCharsPerInputChar) {
// We treat 32KB byte size (16k chars) as a soft upper boundary for the length of any StringBuilder
// that we allocate. We'll try to avoid going above this boundary if we can avoid it so that we
// don't allocate objects on the LOH.
const int upperBound = 16 * 1024;
int charsToAllocate;
if (inputLength >= upperBound) {
// We know that the output will contain at least as many characters as the input, so if the
// input length exceeds the soft upper boundary just preallocate the entire builder and hope for
// a best-case outcome.
charsToAllocate = inputLength;
}
else {
// Allocate the worst-case if we can, but don't exceed the soft upper boundary.
long worstCaseTotalChars = (long)inputLength * worstCaseOutputCharsPerInputChar; // don't overflow Int32
charsToAllocate = (int)Math.Min(upperBound, worstCaseTotalChars);
}
// Once we have chosen an initial value for the StringBuilder size, the StringBuilder type will
// efficiently allocate additionally blocks if necessary.
return new StringBuilder(charsToAllocate);
}
}
}