Thymeleaf th:text displaying wrong value on encoded parameter - thymeleaf

The URL of the template is:
http://localhost:8080/login?error=Usu%E1rio%20inexistente%20ou%20senha%20inv%E1lida
where, for example, %E1 is á
I'm trying to display the value of the param error on the page using this code:
but a wrong value with special character is being displayed.

Welcome to SO.
I see two ways you can try:
1) Use the utility for an HttpServletRequest:
<p th:utext="${#httpServletRequest.getParameter('error')}">[error message]</p>
This is getting the value of the error parameter from the request.
2) Use the typical usage for getting the value of a param:
<p th:utext="${param.error}">[error message]</p>
In either case, you can use th:if to check for null. You can use utext to get the unescaped text so that unusual characters display.
Also, check that your character encoding is set to UTF-8. In your config, it would look something like:
resolver.setCharacterEncoding(StandardCharsets.UTF_8.name());
or
resolver.setCharacterEncoding("UTF-8");

Instead of trying to decode the URL, I first encoded the error message where it was generated using URLEncoder.encode(errorMessage). So, the URL changed to http://localhost:8080/login?error=Usuário+inexistente+ou+senha+inválida. Then, I didn't need to decode. I only used th:text="${param.msgError}".
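An added example, not part of the original posts, showing why %E1 displays wrongly: it is the ISO-8859-1 byte for á, which is not a valid UTF-8 sequence, so a UTF-8 decoder yields U+FFFD. It also HTML-escapes the decoded value before rendering, as th:text does and th:utext does not; the helper names and the last sample input are constructed here.

```javascript
// Added example; helper names are hypothetical. The query value is the one from the question.
const LATIN1_QUERY_VALUE = 'Usu%E1rio%20inexistente%20ou%20senha%20inv%E1lida';
const MESSAGE = 'Usu\u00E1rio inexistente ou senha inv\u00E1lida'; // "Usuário ... inválida"

// Percent-decode an ASCII query value to bytes, then read those bytes in `charset`.
function decodeParam(raw, charset) {
  const bytes = [];
  for (let i = 0; i < raw.length; i++) {
    const hex = raw.slice(i + 1, i + 3);
    if (raw[i] === '%' && /^[0-9a-fA-F]{2}$/.test(hex)) {
      bytes.push(parseInt(hex, 16));
      i += 2;
    } else {
      bytes.push(raw[i] === '+' ? 0x20 : raw.charCodeAt(i));
    }
  }
  return new TextDecoder(charset).decode(Uint8Array.from(bytes));
}

// Strict UTF-8 decoding, as decodeURIComponent does: a lone %E1 is rejected.
function strictUtf8(raw) {
  try { return decodeURIComponent(raw); } catch (e) { return e.name; }
}

// Minimal HTML escaping for element content and quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

console.log(decodeParam(LATIN1_QUERY_VALUE, 'latin1')); // the intended message
console.log(decodeParam(LATIN1_QUERY_VALUE, 'utf-8'));  // U+FFFD where the accents were
console.log(strictUtf8(LATIN1_QUERY_VALUE));            // strict decoders refuse instead
console.log(encodeURIComponent(MESSAGE));               // UTF-8 form: á becomes %C3%A1
// Constructed input: a parameter carrying markup is rendered as text, not as HTML.
console.log(escapeHtml(decodeParam('%3Cb%3Einv%E1lida%3C%2Fb%3E', 'latin1')));
```

Encoding the message as UTF-8 at the point where the redirect URL is built, and decoding it as UTF-8 on the receiving side, keeps both ends consistent.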

Related

Go Integrator with Nextiva sending invalid URL

Has anyone ever used Go Integrator that Nextiva provides to send encoded URLs? I have it sending a formatted variable to show the caller's phone number, but any percent symbols get changed to an invalid code. Example:
websiteaddress.com/search?query=fieldvalue%3A%%Call\Contact\DisplayTel%
fieldvalue requires the colon (%3A) after to properly search the variable passed, and I added a % after %3A as without the extra % it would send the link but remove all the % symbols for the variable (Call\Contact\DisplayTel rather than the variable 916-555-1234).
For some reason when I send the URL it encodes the %3A as %03 instead, giving me a weird ASCII placeholder, showing this URL instead:
websiteaddress.com/search?query=fieldvalue%03916-555-1234
Any help would be appreciated
Figured it out. Go Integrator wants the actual characters and NOT pre-encoded URLs. Thus, the link should show:
websiteaddress.com/search?query=fieldvalue:%Call\Contact\DisplayTel%

Base 64 encoded querystring parameter getting characters replaced

I have a querystring parameter that is an encoded string that gets converted to Base64. That parameter is then embedded in a link within an email. When I click the link in the email, the querystring parameter has had all the + characters within it replaced by space characters. There are no other differences. Is there a method I can call to sanitise the string and effectively replace the spaces with pluses again? I'm currently doing a string replace which is a big fat hack. Something is causing the replacement but I'm not sure what. Has anyone come across anything like this before?
Example - querystring parameter value within URL of the browser:
yo3rZZbZyG4UCN+L3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl+3lA7qn+lOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw==
Value of string within controller action:
yo3rZZbZyG4UCN L3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl 3lA7qn lOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw==
You should URL encode the base64 string to the link, so it is:
yo3rZZbZyG4UCN%2BL3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl%2B3lA7qn%2BlOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw%3D%3D
HttpUtility.UrlEncode(base64str) in .NET, or encodeURIComponent(base64str) in JavaScript.
You can use System.Web.HttpServerUtility.UrlTokenEncode (from http://brockallen.com/2014/10/17/base64url-encoding/#comments).
It is doing this because the + sign is interpreted as a marker to say that another parameter follows. This is why it is getting mangled. You should URL encode your string before you pass it to the server.
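An added example (not from the original answers) of the + problem with a Base64 token: form-style query parsing turns a literal + into a space, so the value must be percent-encoded or sent in the base64url alphabet. The token bytes and function names are constructed for illustration.

```javascript
// Added example; TOKEN and the function names are constructed for illustration.
// These bytes are chosen so the standard Base64 text contains '+', '/' and '='.
const TOKEN = Buffer.from([0xfb, 0xef, 0xbe, 0xff, 0xe0]);

// What the receiving side sees for ?t=<queryValue>: form-urlencoded parsing
// turns '+' into a space and resolves %XX escapes.
function receivedValue(queryValue) {
  return new URLSearchParams('t=' + queryValue).get('t');
}

// Option 1: keep standard Base64 and percent-encode it when building the link.
function percentEncoded(buf) {
  return encodeURIComponent(buf.toString('base64'));
}

// Option 2: base64url (RFC 4648 section 5) uses '-' and '_' and drops '=' padding,
// so the text needs no escaping inside a query string.
function toBase64Url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function fromBase64Url(text) {
  const std = text.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(std + '='.repeat((4 - (std.length % 4)) % 4), 'base64');
}

const b64 = TOKEN.toString('base64');
// Unencoded: every '+' arrives as a space and the token no longer decodes correctly.
console.log(b64, '->', JSON.stringify(receivedValue(b64)));
// Percent-encoded: the original Base64 text arrives intact.
console.log(percentEncoded(TOKEN), '->', receivedValue(percentEncoded(TOKEN)));
// base64url: arrives intact and decodes back to the same bytes.
const viaUrlSafe = fromBase64Url(receivedValue(toBase64Url(TOKEN)));
console.log(toBase64Url(TOKEN), '->', viaUrlSafe.equals(TOKEN));
```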

How exactly does Url Encoding work?

In MVC, I'm attempting to use URL routing to get the result of an action given a certain input.
Consider the following in my view:
<%=Html.ActionLink("View", "Test", new with {.id = Url.Encode(dir\file)}) %>
My controller then uses HttpUtility.UrlDecode(id) to get the original. The controller itself is using File() to retrieve a file at the specified directory\file location. However, an error message pops up telling me that
A potentially dangerous Request.Path value was detected from the client (%).
The URL is showing up as
http://home/dir%255cfile.txt
I googled Url Encoding and \ is encoded as %5c. Where is the %25 coming from? It's the encoding for %, but that means Encode is being done twice. Why is that, and is that supposed to be happening?
Html.ActionLink takes care of the URL encoding for you. If you don't encode the params there, there's no need to decode it again and your issue is solved.

Why is this query string invalid?

In my asp.net mvc page I create a link that renders as follows:
http://localhost:3035/Formula/OverView?colorId=349405&paintCode=744&name=BRILLANT%20SILVER&formulaId=570230
According to the W3C validator, this is not correct and it errors after the first ampersand. It complains about the & not being encoded and the entity &p not recognised etc.
AFAIK the & shouldn't be encoded because it is a separator for the key value pair.
For those who care: I send these pars as querystring and not as "/" separated values because there is no decent way of passing on optional parameters that I know of.
To put all the bits together:
an anchor (<a>) tag's href attribute needs an encoded value
& encodes to &amp;
to encode an '&' when it is part of your parameter's value, use %26
Wouldn't encoding the ampersand into &amp; make it part of my parameter's value?
I need it to separate the second variable from the first
Indeed, by encoding my href value, I do get rid of the errors. What I'm wondering now however is what to do if for example my colorId would be "123&456", where the ampersand is part of the value.
Since the separator has to be encoded, what to do with encoded ampersands. Do they need to be encoded twice so to speak?
So to get the url:
www.mySite.com/search?query=123&456&page=1
What should my href value be?
Also, I think I'm about the first person in the world to care about this.. go check the www and count the pages that get their query string validated in the W3C validator..
Entities which are part of the attributes should be encoded, generally. Thus you need &amp; instead of just &
It works even if it doesn't validate because most browsers are very, very, very lenient in what to accept.
In addition, if you are outputting XHTML you have to encode every entity everywhere, not just inside the attributes.
All HTML attributes need to use character entities. You only don't need to change & into &amp; within script blocks.
Whatever
Anywhere in an HTML document that you want an & to display directly next to something other than whitespace, you need to use the character entity &amp;. If it is part of an attribute, the &amp; will work as though it was an &. If the document is XHTML, you need to use character entities everywhere, even if you don't have something immediately next to the &. You can also use other character entities as part of attributes to treat them as though they were the actual characters.
If you want to use an ampersand as part of a URL in a way other than as a separator for parameters, you should use %26.
As an example...
Hello
Would send the user to http://localhost/Hello, with name=Bob and text=you & me "forever".
This is a slightly confusing concept to some people, I've found. When you put &amp; in an HTML page, such as in <a href="abc?def=5&amp;ghi=10">, the URL is actually abc?def=5&ghi=10. The HTML parser converts the entity to an ampersand.
Think of it as exactly the same as how you need to escape quotes in a string:
// though you define your string like this:
myString = "this is \"something\" you know?"
// the string is ACTUALLY: this is "something" you know?
// when you look at the HTML, you see:
<a href="foo?bar=1&amp;baz=2">
// but the url is ACTUALLY: foo?bar=1&baz=2
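The two encoding layers discussed in this thread, as an added example that is not from the original posts: values are percent-encoded for the URL (so a literal & becomes %26), then the finished URL is entity-escaped for the href attribute (so each separator & becomes &amp;). Function names are hypothetical; the sample values are the ones used in the question and answers.

```javascript
// Added example; function names are hypothetical.
// Layer 1 (URL): percent-encode each name and value, then join pairs with a raw '&'.
function buildQuery(params) {
  return Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + '=' + encodeURIComponent(v))
    .join('&');
}

// Layer 2 (HTML): escape the finished URL for a double-quoted attribute value.
function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');
}

function anchor(path, params, text) {
  const href = escapeAttr(path + '?' + buildQuery(params));
  return '<a href="' + href + '">' + escapeAttr(text) + '</a>';
}

// Reverse direction: the HTML parser resolves entities first, then the server
// splits the query on '&' and percent-decodes each value.
function parseHref(html) {
  const attr = /href="([^"]*)"/.exec(html)[1];
  const url = attr.replace(/&quot;/g, '"').replace(/&lt;/g, '<').replace(/&amp;/g, '&');
  return Object.fromEntries(new URLSearchParams(url.split('?')[1]));
}

// The colorId-style case from the question: the value itself contains '&'.
const link1 = anchor('search', { query: '123&456', page: '1' }, 'results');
// The values from the answer: name=Bob and text=you & me "forever".
const link2 = anchor('Hello', { name: 'Bob', text: 'you & me "forever"' }, 'Hello');

console.log(link1);
console.log(parseHref(link1));
console.log(link2);
console.log(parseHref(link2));
```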

Pass URL as get parameter?

I'm trying to pass a URL as a parameter to a get method.
I defined a route that accepts a {*url} parameter so I can send "/" characters without it separating my parameter.
As soon as there is a ":" in the url (like in http: or localhost:3857 for example), the method never gets hit.
The Html.ActionLink method escapes its parameter itself, but it doesn't seem to escape the ':'. I cannot escape it manually because then the escape characters get escaped by the very same Html.ActionLink method.
Any ideas?
Use EncodeUrl before you pass it, and then decode it on the other side.
I ran into the same problem. I ended up removing the Html.ActionLink and replaced it with:
#item.Title
#item.ID is a url returned from the netflix api, example http://api.netflix.com/catalog/titles/series/70021357/seasons/70021357. Now my url looks like this - /Home/Movies?id=http://api.netflix.com/catalog/titles/series/70021357/seasons/70021357, and I just used Request.QueryString to get the value in the controller:
Request.QueryString.Get("id")
Probably not ideal but it works for now.
It's a bit of a hack, but you could replace the ':' with '%3A' (which is the escaped form), and see what the ActionLink does with it. If it's escaped once more, you'd have to replace the twice-escaped version back to ':' at the server, otherwise just replace '%3A' back to ':'
