I am creating a link that creates URL parameters that contains links with URL parameters.
The issue is that I have a link like this
http://mydomain/_layouts/test/MyLinksEdit.aspx?auto=true&source=
http://vtss-sp2010hh:8088/AdminReports/helloworld.aspx?pdfid=193
&url=http://vtss-sp2010hh:8088/AdminReports/helloworld.aspx?pdfid=193%26pdfname=5.6%20Upgrade
&title=5.6 Upgrade
This link goes to a bookmark adding page where it reads these parameters.
auto is wheather to read the following parameters or not
source is where to go after you finish adding or cancelling
url is the bookmark link
title is the name of the bookmark
The values of url and title get entered into 2 fields. Then the user has to click save or cancel.
The problem is when the bookmark page enters the values into the field, it will decode them.
Then if you try to save, it will won't let you save because the pdfname value in the url value has a space in it. It needs the link to not have any spaces. So basically, I want it so that after it enters it in the field, it will still be a %20 instead of a space.
There isn't a problem with source, auto, or title, just the url...
Is there a way to solve this? Like maybe a special escape character I can use for the %20?
Note: I cannot modify the bookmark page.
I am using c#/asp.net to create the link and go to it.
Thanks
Since .NET Framework 4.5 you can use WebUtility.UrlEncode.
It resides in System.dll, so it does not require any additional references.
It properly escapes characters for URLs, unlike Uri.EscapeUriString
It does not have any limits on the length of the string, unlike Uri.EscapeDataString, so it can be used for POST requests
System.Net.WebUtility.UrlEncode(urlText)
Another option is
System.Uri.EscapeDataString()
Uri.EscapeDataString() and Uri.UnescapeDataString() are safe comparing to UrlEncode/UrlDecode methods and does not convert plus characters into spaces when decoding.
Some details from another user: http://geekswithblogs.net/mikehuguet/archive/2009/08/16/134123.aspx
Just use HttpUtilty's UrlEncode method right before you hand off the url;
string encoded = HttpUtility.UrlEncode(url);
Related
I'm having problems creating a query string and sending it to another webpage.
The text I'm trying to send is long and has special characters. Here is an example:
Represent a fraction 1/𝘣 on a number line diagram by defining the interval from 0 to 1 as the whole and partitioning it into 𝘣 equal parts. Recognize that each part has size 1/𝘣 and that the endpoint of the part based at 0 locates the number 1/𝘣 on the number line.
I can send this just fine if I hand code it:
<a href="Default.cshtml?standardText=Represent a fraction 1/𝘣 on a number line diagram by defining the interval from 0 to 1 as the whole and partitioning it into 𝘣 equal parts. Recognize that each part has size 1/𝘣 and that the endpoint of the part based at 0 locates the number 1/𝘣 on the number line.">
Link Text
</a>
This goes through without any problems, and I can read the entire Query String on the other side.
But if I am creating the link programmatically, my query string gets cut off right before the first character reference. I am using the following setup in a helper function:
string url = "Default.cshtml";
url += "?standardText=" + standard.text;
Link Text
When I use this, I only get "Understand a Fraction as 1/" and then it stops.
When I look at the page source, the only difference in the links is that one has actual ampersands and the second is having those turned into &
<a href="Default.cshtml?standardText=Understand a fraction 1/𝘣 as the quantity formed by 1 part when a whole is partitioned into 𝘣 equal parts; understand a fraction 𝘢/𝑏 as the quantity formed by 𝘢 parts of size 1/𝘣."
So the problem is not really the spaces, but the fact that the & is being interpreted as starting a new query string parameter.
I have tried various things [using HttpUtility.UrlEncode, HttpUtility.UrlEncodeUnicode, Html.Raw, trying to replace spaces with "+"], but the problem isn't with the spaces, its with how the character references are being handled. When I tried HttpUtility.urlEncode I got a double-encoding security error.
On the advice of OmG I tried replacing all the &s, #s, and /s using:
url = url.Replace("&","%26");
url = url.Replace("#","%23");
url = url.Replace("/","%2F");
This led to the following link:
All Items
And now when I click on the link I get a different security warning/error:
A potentially dangerous Request.QueryString value was detected from the client (standardText="...raction 1/𝘣 as the qua...").
I don't see why it is so hard to send character references through a QueryString. Is there a way to prevent Razor from converting all my &s to the & ; ? The address works fine when it is just plain "&"s.
Update: using URLDecode() on the string does not affect its character entity references, so when I try to decode the string then re-encode it, I still get the double-escape security warning.
Update: on the suggestion of #MikeMcCaughan, I tried using JS, but I am not very knowledgeable about mixing JS and Razor. I tried creating a link by dropping a script into the body like so:
<script type="text/javascript">
var a = document.createElement('a');
var linkText = document.createTextNode("my title text");
a.appendChild(linkText);
a.title = "my title text";
a.href = encodeURIComponent(#url);
document.body.appendChild(a);
</script>
But no link showed up, so I'm obviously doing it wrong.
For reference, when I try to use #Html.Raw(url),
Link Text
The &s are still turned into & ;s. the link renders as:
Link text
One simple solution is replacing the special characters by their encoding which can be accessed from here.
As you can find, replace in the string & with %26 using .replace for string. Also, replace / with %2F, # with %23, ; with %3B, and space with %20.
Also, You can do these in C# by the following function:
Server.URLEncode("<The Url>")
and in Javascript by the following function:
encodeURI("<The Url>")
Also, as you know the double-encoding is this. To prevent the double-encoding, you should have not encoded some part of the string before passing the string into the Server.URLEncode function.
I'm making an ecommerce application and I want the user to be able to put content at a URL they have specified. IF a user were to put in something like "/thank-you!", how can I clean the string to either be a valid URL or check this is valid URL format? I would want the url to basically always be hyphened between words so like "/thank-you" from "/thankyou". What's the best approach for achieving such a thing. I'm within c# using .NET MVC 4.
Alas, I cannot comment 'possible duplicate' yet (How to check whether a string is a valid HTTP URL?).
As this must be an answer however, one way to validate a string URL would be using the URI.TryCreate functioanlity. See here also https://msdn.microsoft.com/en-us/library/system.uri.trycreate(v=vs.110).aspx
URI is also the preferred data type for URLs, rather than strings.
Hope someone can tell me how I should get a Superscript tag like ² to display correctly in the text of a Dropdownlist option?
Thanks.
Probably using HTML entities:
²
instead of the actual character. But it's probably better to let C# take care of it:
string safeString = HttpUtility.HtmlEncode("your string²");
// Use the result as the displayed value in your Dropdownlist
This method will also find other problematic characters such as & and replace them accordingly. See MSDN HttpUtility.HtmlEncode for more information on this.
Edit: be advised; the resulting string from HtmlEncode will show (when used in HTML) exactly that what you have input in the method. So do not use HTML entities in your input, because then that's exactly what you'll see in the resulting page.
If you want to show m² then just enter that inside the method. .NET will take care of the rest.
Maybe unicode symbols would do the trick for you: http://tlt.its.psu.edu/suggestions/international/bylanguage/mathchart.html#super
For the superscripted two you would use ² resulting in: ²
You can write this way,
string item=HttpUtility.HtmlDecode("ml/min/1.73m²")
for more info on superscript you can see this link
http://symbolcodes.tlt.psu.edu/bylanguage/mathchart.html#super
I need to implement a "Search" box on a C# MVC application that I'm writting.
I've never had to implement a "Search" box before and I've been looking for some best practices and I'm not quite finding what I'm looking for.
I really like how the search works on stackoverflow.
If I type in a few random words, it navigates to the url http://stackoverflow/search?q=few+random+words.
If I type in title:random, it navigates to the url https://stackoverflow.com/search?q=title%3Arandom
What is happening both on the client (when I hit the enter key) and on the server to make the search happen?
I've purposely left out any thoughts I've already had on what is happening because I don't want to bias the answers (or show my ignorance).
EDIT: I'm adding some specifics to this question.
Where and how are the search terms transformed into the querystring parameters? ie few random words transformed into few+random+words,title:random transformed into title%3Arandom
Where and how is few+random+words tranformed into variables used in a query?
Is the query just one big Where clause that keeps appending "and" for each item that lands between the + signs?
I guess you could parse through the strings and do some replaces to achieve 1 and 2 but it sure looks like there is something already available that would automatically convert (and revert) the search strings. I'm trying to be prepared for my user's typing ANYTHING in the search box.
These posts will help you in understanding how it works
https://blog.stackoverflow.com/2008/10/stack-overflow-search-now-51-less-crappy/
https://blog.stackoverflow.com/2009/07/stack-overflow-search-now-61-less-crappy/
https://blog.stackoverflow.com/2011/01/stack-overflow-search-now-81-less-crappy/
Those URL's use what is called a query string. It is a "GET" request that allows the client script (javascript) as well as the back end code retrieve the users "query". In a URL whenever you see a '?' it is the beginning of the query string. This allows somebody to be like:
http://google.com?q=Stuff%20to%20Search%20here
Multiple parameters can be added via &anothercommand=somethingelse
Thus allowing a program or script to invoke a search on google without having to type anything into the box.
You can get access to the query string using the C# "Request.QueryString["parameter"]" where in this case the parameter for those stack overflow URL's would be "q".
After that, you query your database and return the results. Since I'm not sure how good at coding you are, I am not sure if you're trying to ask for the Web site, or the C# SQL side. If I am wrong, apologies.
On the Client:
The way I imagine it is happening on the client is that the script on the textbox when the form is submitted redirects to the url you mentioned and adds in those query parameters into the url string. Don't forget to url encode. This is built into javascript. i.e. space ' ' becomes '%20'
When the form submits, the server code does a check to see if there are any query string parameters of the form "q". If there are, and it is not null, it would query the database, returning that in one of a few ways, most likely through a server control.
1) That is what URL encoding is. It is a list of characters that are not supported in a URL. Thus they need to be changed. There is a standard set such as %20 for space. In javascript, you would redirect to the results page with the query string you want. prior to redirecting, use the information here to encode it. i.e. change ' ' into + or %20 (it really should be %20, I find + is usually the internet explorer way.
)
2) Query string works like a hashtable of key pair values. Using the Request.QueryString, you can select the key "q" and receive the string "few random words". That would then get substituted into your SQL query. This is done on the C# side as a very first check to see if the parameter q exists.
3) you can do your query many different ways. However, searching for "and" etc will give you many different results. What you can do is parse out a list of common words, and then rank results based on the number of results of each word. i.e. in the most simplistic of searches which would be ill advised for LARGE databases "..... Where like '%word% or '%word2%' etc. To get each word, do a string.split.
As much as I hate to do it, I have to answer my own question. What I couldn't understand is how the search words where seemingly automatically transformed into querystring encoded parameters (ie all spaces where replaced with the + sign vs. being replace with %20). I didn't understand how that was being achieved and I like it so I wanted the same abilities.
In the end, what I should have done was copy the html from SO and tried it out on my own MVC site because it turns out that the encoding is built in/automatic. I didn't have to do anything to get the functionality.
Here is the basic HTML for the search box:
<form id="frmsearch" action="~/Catalog/Search" method="get">
<input id="q" name="q" value="#q" style="width:275px;"/>
<input id="submit" name="submit" type="submit" style="font-weight:bold;" value="Search" />
</form>
Now, if you type "few random words" in the text box named "q" and click the submit button, the form action automatically takes you to "~/Catalog/Search?q=few+random+words" without any additional coding.
Now for the best part, in the controller code, the "q" parameter is automatically available as "few random words" without any additional coding as well.
Example:
public ActionResult Search(string q)
{
//q = "few random words" (no need to remove '+' signs)
var model = GetSearchResults(q)
return View(model);
}
The only thing I haven't tested out it how it would handle scripting attacks but I think I'm going to get that for free as well. : )
Hope this helps anyone who stumbles across this answer. Thank you to everyone who submitted answers trying to help. I'm sorry if my question wasn't clear enough.
I have a situation where the user is able to enter any characters they want in a URL query string.
Example:
http://localhost/default.aspx?ID=a‡jljglkjg
How can I accept special characters such as ‡, ˆ, and † in asp.net from a URL query string? I am finding that when I attempt to retrieve these URL query string these special characters gets replaced with a “?”.
Note: The user inputs these query string into the URL.
This URL is wrong according to RFC.
If they are using browser, it would normally do the ecndoing required.
If it is done by JavaScript, use encodeURIcomponent
If it is a C# app, using HttpUtility.UrlEncode here
URLs can only be sent over the Internet using the ASCII character-set.
Those characters will always be excluded, you need to find another way to do it.
See http://www.w3schools.com/tags/ref_urlencode.asp for more information about valid URLs and encoding special characters.