File: Security\AntiXss\EncoderUtil.cs
Project: ndp\fx\src\xsp\system\Web\System.Web.csproj (System.Web)
// <copyright file="EncoderUtil.cs" company="Microsoft">
//     Copyright (c) Microsoft Corporation.  All rights reserved.
// </copyright>
namespace System.Web.Security.AntiXss {
    using System;
    using System.Text;
    /// <summary>
    /// Provides helper methods common to all Anti-XSS encoders.
    /// </summary>
    internal static class EncoderUtil {
        /// <summary>
        /// Gets an appropriately-sized StringBuilder for the output of an encoding routine.
        /// </summary>
        /// <param name="inputLength">The length (in characters) of the input string.</param>
        /// <param name="worstCaseOutputCharsPerInputChar">The worst-case ratio of output characters per input character.</param>
        /// <returns>A StringBuilder appropriately-sized to hold the output string.</returns>
        internal static StringBuilder GetOutputStringBuilder(int inputLength, int worstCaseOutputCharsPerInputChar) {
            // We treat 32KB byte size (16k chars) as a soft upper boundary for the length of any StringBuilder
            // that we allocate. We'll try to avoid going above this boundary if we can avoid it so that we
            // don't allocate objects on the LOH.
            const int upperBound = 16 * 1024;
            int charsToAllocate;
            if (inputLength >= upperBound) {
                // We know that the output will contain at least as many characters as the input, so if the
                // input length exceeds the soft upper boundary just preallocate the entire builder and hope for
                // a best-case outcome.
                charsToAllocate = inputLength;
            else {
                // Allocate the worst-case if we can, but don't exceed the soft upper boundary.
                long worstCaseTotalChars = (long)inputLength * worstCaseOutputCharsPerInputChar; // don't overflow Int32
                charsToAllocate = (int)Math.Min(upperBound, worstCaseTotalChars);
            // Once we have chosen an initial value for the StringBuilder size, the StringBuilder type will
            // efficiently allocate additionally blocks if necessary.
            return new StringBuilder(charsToAllocate);