Using Selenium I am accessing protected pages. I need to put the credentials into the URL to prevent the .htaccess popup from appearing. This is the method suggested in Selenium documentation.
One of the locations I need to access has a hash character in the password, and this causes the browser (both Chrome and Firefox) to not understand the URL and treat it as a search term.
e.g. http://user:pass#example.com/ gets through, but http://user:pa#ss#example.com/ is not recognised as a URL.
How can I "encode" the hash?
You should use Percent-encoding to encode the hash with %23.
See also:
How to escape hash character in URL
Related
Like the question says, how do I add a parameter to a URL?
Example:
When you click on a link to get a featured product on Product Hunt, the URL is appended with ?ref=producthunt.
Can I just add a parameter like this manually to the few links that I have on my website? Are there any scenarios where this might be suboptimal to do?
The parameters in the URL correspond to the superglobal $_GET array.
It means that if your URL is in the form
www.domain.com?key1=val1&key2=val2 ,
then $_GET[key1] contains val1 , and so on.
It is perfectly legitimate to add these parameters manually in a link (a typical use case would be a login button, which redirects you to the current URL and appends &todo=login . You can then add a bit of PHP code that triggers the login process when $_GET contains the value 'login' at the key 'todo').
The other way of adding these parameters is forms. In an HTML form, you specify a 'method' which can be 'get' or 'post'.
If you choose 'get', when the form is submitted, the URL will automatically be appended with the form answers.
NB: It is generally NOT SAFE to directly read values from the $_GET, as the user can fill it with any value (just by changing the URL) so it is good practice to use filters that ensure inputs are safe. Check http://www.w3schools.com/php/php_filter.asp for more on filters
The parameters added to the url is called query string and they have a format
it must start will ?
every paraper will be seperated with &
Example: http://www.yoururl.com?name=myname&age=34&ect=somethingelse
The mistake you did is by putting ?= which is not converted by your web server.
you can pas like '?websitename=website-name'
Querystring parameters are key value pairs that are separated from the URL's domain and path with a ? and separated from each other with an &, i.e ?key=value&key2=value2.
The values can be accessed client-side (in Javascript) and server-side by the webserver or by a server-side language is being used, PHP, ASP.NET, Java.
Some values should be encoded using a function such as encodeURIComponent to ensure that they are valid.
Risks
You need to be careful that the querystring does not contain any sensitive information such as a sequential order number, i.e ?order=5 as someone could manually change the value to see another user's order (?order=6, if no other authentication in place). The order value should be encrypted so it cannot be guessed. Also, do not execute any code passed in on the querystring with eval() as the contents could be changed by a malicious user to execute a crosssite scripting (XSS) attack on another user and steal their cookie or login credentials.
Is there a way to make a GET request in Siesta, while providing parameter, like http://example.com/api/list.json?myparam=1?
I tried with
myAPI.resource("list.json?myparam=1")
but the question mark gets escaped.
Then I tried with
myAPI.resource("list.json").request(.GET, urlEncoded:["myparam": "1"])
but it always fails with "The network connection was lost.", but all other requests succeed, so the message is wrong.
You are looking for withParam:
myAPI.resource("list.json").withParam("myparam", "1")
The Service.resource(_:) method you are trying to use in your first example specifically avoids interpreting special characters as params (or anything except a path). From the docs:
The path parameter is simply appended to baseURL’s path, and is never interpreted as a URL. Strings such as .., //, ?, and https: have no special meaning; they go directly into the resulting resource’s path, with escaping if necessary.
This is a security feature, meant to prevent user-submitted strings from bleeding into other parts of the URL.
The Resource.request(_:urlEncoded:) method in your second example is for passing parameters in a request body (i.e. with a POST or PUT), not for parameters in the query string.
Note that you can always use Service.resource(absoluteURL:) to construct a URL yourself if you want to bypass Siesta’s URL component isolation and escaping features.
In order to maintain the current set of Urls in a project, I have to be able to use the # (pound sign) in the Url. For some reason the pound sign does not appear to work normally in this project for UrlMappings.groovy.
Is there a special escape-sequence that must be used when placing # signs in UrlMappings.groovy?
Am I missing some reason why one cannot use pound signs at all?
In the following URL Mapping example, the browser goes to the correct page, but the pageName variable is null:
"/test/${urlName}#/overview"(controller:'test', action:'overview') {
pageName = "overview"
}
I thought everything after # in the url would be treated on the client side of the browsers where it tries to find a and scroll to that location.
If you dump the request containing the pound char, do you even see the data behind #?
I used a Named URL mapping and it works fine, no need to escape the "#" sign:
name test: "/#abc" (controller: 'test', action:'homepage')
EDIT: My above answer is wrong. In fact, it falls to a special case when homepage is the default action of the view.
Netbrain is right, the path after "#" will never be sent to server. In stead, I found that it's possible using "%23" instead of "#". Please take a look at here.
For example, instead of /test#/abc we should use /test%23/abc as URL mapping (both at client side & server side).
if i do this:
<a target="_blank" href="<%=Url.Encode(sitelink)%>"> LINK TO SITE</a>
I get the link encoded but prepended with the current local domain "http://localhost/http://...."
whats the proper way to do this
The Url.Encode method is used to escape special characters for usage in the query part of a url - it's not meant to be applied to the entire url, because that will escape things like the :// at the beginning (which is why you get the local domain prepended, because it's no longer a full URL, instead getting interpreted as a relative url).
My app is sending users email with the following:
https://blah.chacha.com/feedback/##comment-reply-169
But for some reason, sometimes when the URL is loaded in some of the user's browsers the ## are being converted to something like:
https://blah.chacha.com/feedback/#%23comment-reply-169
Any ideas what's going on here and why?
The # character isn’t valid in a fragment identifier, so it’s being escaped automatically. You should either avoid using that character inside a fragment, or explicitly unescape the value before using it.