# Canonicalize

Canonicalize or decode the input string.

Canonicalization is simply the operation of reducing a possibly encoded string down to its simplest form. This is important because attackers frequently use encoding to change their input in a way that will bypass validation filters, but still be interpreted properly by the target of the attack.

Note that data encoded more than once is not something that a normal user would generate and should be regarded as an attack.

## Method Signature

```
Canonicalize(input=[string], restrictMultiple=[boolean], restrictMixed=[boolean], throwOnError=[boolean])
```

### Arguments

| Argument           | Type      | Required | Description                                                                                                                                                                                                                                                                                            | Default |
| ------------------ | --------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
| `input`            | `string`  | `true`   | The input string to be canonicalized.                                                                                                                                                                                                                                                                  |         |
| `restrictMultiple` | `boolean` | `true`   | <p>If set to true, multiple encoding is restricted. This argument can be set to true to restrict the input if multiple or<br>nested encoding is detected. If this argument is set to true, and the given input is multiple or nested encoded using<br>one encoding scheme an error will be thrown.</p> |         |
| `restrictMixed`    | `boolean` | `true`   | If set to true, mixed encoding is restricted. This argument can be set to true to restrict the input if mixed encoding is                                                                                                                                                                              |         |
| `throwOnError`     | `boolean` | `false`  | If set to true, an error will be thrown if the input is not valid. If set to false, the input will be returned as is.                                                                                                                                                                                  | `false` |

## Examples

## Related

* [DecodeFor](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/decodefor.md)
* [DecodeForBase64](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/decodeforbase64.md)
* [DecodeForHTML](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/decodeforhtml.md)
* [DecodeForJson](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/decodeforjson.md)
* [DecodeFromURL](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/decodefromurl.md)
* [EncodeFor](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodefor.md)
* [encodeForCSS](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodeforcss.md)
* [encodeForDN](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodefordn.md)
* [encodeForHTML](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodeforhtml.md)
* [encodeForHTMLAttribute](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodeforhtmlattribute.md)
* [encodeForJavaScript](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodeforjavascript.md)
* [encodeForLDAP](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodeforldap.md)
* [EncodeForSQL](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodeforsql.md)
* [encodeForURL](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodeforurl.md)
* [encodeForXML](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodeforxml.md)
* [encodeForXMLAttribute](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodeforxmlattribute.md)
* [encodeForXPath](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/encodeforxpath.md)
* [esapiDecode](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/esapidecode.md)
* [esapiEncode](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/esapiencode.md)
* [GetSafeHTML](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/getsafehtml.md)
* [IsSafeHTML](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/issafehtml.md)
* [SanitizeHTML](/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/sanitizehtml.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://boxlang.ortusbooks.com/boxlang-framework/modularity/esapi/reference/built-in-functions/esapi/canonicalize.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.