开发者

How can I stop the browser from url-encoding form values on GET

开发者 https://www.devze.com 2023-01-02 00:23 出处:网络
I have a form with method=\"get\".In the form I need to pass the URL of a CSS file but it is enc开发者_运维知识库oding it to http%3A%2F%2Fwww... etc.

I have a form with method="get". In the form I need to pass the URL of a CSS file but it is enc开发者_运维知识库oding it to http%3A%2F%2Fwww... etc.

Is there a way to stop the encoding of the URL as it is breaking the file.

Thanks


Background

It's a bit more subtle than one might think at first sight. For any URL, which is a specific form of the URI standard, certain characters are special. Among the special characters are `:` (scheme separator) and `/` (path or hierarchy separator), here's the full list of reserved symbols from [RFC-2396][1]:
reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
              "$" | ","

It has little to do with security, much more with simply following a standard: these symbols mean something special in any URI, URL or URN. When you need to use them as part of a path or a querystring (the GET request creates a query string for you), you need to escape them. The short version of escaping is: take the UTF-8 bytes as hexadecimal and precede them with a % sign. In the case of the reserved characters, that's always a single-byte character in UTF-8 and thus escaped as two hex digits.

Path to a solution

Back to your problem. You didn't mention what language you were using. But any language that works with the internet has a way of encoding or decoding URLs. Some have helper functions to decode an entire URL, but normally you are better of splitting it into a name/value pairs and then decoding it. This will give you the absolute URL-path you need.

Note: it is best to always decode query values, simply because when people type in a value, they won't know whether that value is reserved, and the browser will encode it for you. Not doing so poses a security risk.

EDIT: When you need to decode within a page, not on the server side, you're going to need JavaScript to do the job. Have a look at this page for en/decoding URLs, or use Google to find many others.


No, you can't. The encoding is required to make a valid URL.

Instead, decode the value in your receiving code (what platform are you on anyways, URL decoding is usually done automatically for you)


If you used XMLHttpRequest you can send text without encoding. You can use JavaScript to do that, but remember to set content-type to text/plain.

content-type: text/plain


No for security reason you can't do this. You have to collect and decode it at the receiving end.


When you use FORM and GET method and some special chars, you will end up with browser encoding the resulted query. For newer browsers that support changing the URL address without refreshing the page (IE10+), is possible to decode the URL query string and update the address.

I'm using a script like this:

    <script type="text/javascript">
    if (history.pushState) { //IE10+
        var newurl = window.location.protocol + "//" + window.location.host + window.location.pathname + decodeURIComponent(window.location.search);
        window.history.pushState({path:newurl},'',newurl);
    }
    </script>

This will transform a http://example.com/page.html?path=foo%2Fbar back to http://example.com/page.html?path=foo/bar


You can decode the url using javascript Function: decodeURIComponent(Url ); Because Browser encodes the Url for special characters . For example : https://www.example.com is encoded to %20https%3A%2F%2Fwww.example.com. Here the special characters are replaced by % and its ASCI value.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号