Base 64 encoded querystring parameter getting characters replaced - asp.net-mvc

I have a querystring parameter that is an encoded string that gets converted to Base64. That parameter is then embedded in a link within an email. When I click the link in the email, the querystring parameter has had all the + characters within it replaced by space characters. There are no other differences. Is there a method I can call to sanitise the string and effectively replace the spaces with pluses again. I'm currently doing a string replace which is a bit fat hack. Something is causing the replacement but I'm not sure what. Has anyone come across anything like this before?
Example - querystring parameter value within URL of the browser:
yo3rZZbZyG4UCN+L3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl+3lA7qn+lOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw==
Value of string within controller action:
yo3rZZbZyG4UCN L3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl 3lA7qn lOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw==

You should URL encode the base64 string to the link, so it is:
yo3rZZbZyG4UCN%2BL3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl%2B3lA7qn%2BlOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw%3D%3D
HttpUtility.UrlEncode(base64str) in .NET, or encodeURIComponent(base64str) in javascript

you can use System.Web.HttpServerUtility.UrlTokenEncode (from http://brockallen.com/2014/10/17/base64url-encoding/#comments)

It is doing this because the + sign is interpreted as a marker to say that another parameter follows. This is why it is getting mangled. You should URL encode your string before you pass it to the server.

Related

Use base64 encoded string in url cakephp

here is the solution for php Passing base64 encoded strings in URL
but because of urlencode cakephp problem I cant use it (the solution in there is not good for me)
Passing an urlencoded URL as parameter to a controller / action at CakePHP
Rawurlencode does not work either. Also I cant hash it because I need it to be reversible. Or is there some "reversible" hash function. I know that the meaning of hash is for one way, but like some way to get output similar(so I can use in the url without problems) to md5/sha* but be able to reverse.
QSN: how to use base64 encoded string in url to avoid problems, mentioned in the above link.

Controller.Json method encodes & to \u0026

I am creating an array of URLs and in my controller, using Controller.Json(array) to return the JsonResult back to a client. However one of the urls has "&" character. This character is getting encoded to \u0026. When I open this URL in the browser, the browser DOESNT interpret this as "&" character.
example: http://myserver.com/Controller/Action?id=1234\u0026lang=ENG
This doesnot lead to my controller action: Action(int id);
How can i decode this back to &. Any ideas would be useful.
Thanks.
According to the JSON spec, \u0026 is a valid part of a string, and represents the & character.
If whatever you are using to deserialise the JSON doesn't turn \u0026 back into &, then it's doing it wrong. You should use something that can deserialise it correctly, and not try to fix it after it is already broken.

How do I pass a URL as Action Parameter?

I have an action that expects a string containing a path to a resource ie "/123/something.html"
I am trying to user HttpUtility.UrlEncode() to encode the parameter but then the slashes are encoded to contain '%' characters and this results in a 400 error from the server. How can work around this in ASP.NET MVC2?
you certainly can pass those characters in a URL but they just have to be passed in the query string in the part after the question mark
Ex : http://localhost/servercrm/contacts/query?search=%25%20%25

How this URL will be decoded - Confusion in basic Http Get

Basically I need to pass three paramaters to a http as get. Here are the parameters
param1 = 3
param2 = 454
param3 = http://localhost:3000/another_test?another_param=4&another_param2=978
This transforms to
http://localhost:3000/test?param1=3&param2=454&param3=http://localhost:3000/another_test?another_param=4&another_param2=978
I am just confused whether the URL formed is correct or not. Will this work or is there anyother way to do this. I am using Rails. I did a decode and clicked on the link and I still see the above URL coming. Will this work on the receiever side, meaning will it be decoded as I had intended.
Please advise.
It should work as long as you url encode the params. In that case the & and ? will be transformed, making it possible for Rails to differentiate between the query string parameters and the query string delimiters.
To ensure that it is encoded you can use Rack::Utils.escape or Hash#to_query.
This will be decoded as:
param1=3
param2=454
param3=http://localhost:3000/another_test?another_param=4
another_param2=978
You need to encode param3, or at minimum replace the ampersands in it with the correct URL encoding, in order for it to match back up to your input parameters.

Why is this query string invalid?

In my asp.net mvc page I create a link that renders as followed:
http://localhost:3035/Formula/OverView?colorId=349405&paintCode=744&name=BRILLANT%20SILVER&formulaId=570230
According to the W3C validator, this is not correct and it errors after the first ampersand. It complains about the & not being encoded and the entity &p not recognised etc.
AFAIK the & shouldn't be encoded because it is a separator for the key value pair.
For those who care: I send these pars as querystring and not as "/" seperated values because there is no decent way of passing on optional parameters that I know of.
To put all the bits together:
an anchor (<a>) tag's href attribute needs an encoded value
& encodes to &
to encode an '&' when it is part of your parameter's value, use %26
Wouldn't encoding the ampersand into & make it part of my parameter's value?
I need it to seperate the second variable from the first
Indeed, by encoding my href value, I do get rid of the errors. What I'm wondering now however is what to do if for example my colorId would be "123&456", where the ampersand is part of the value.
Since the separator has to be encoded, what to do with encoded ampersands. Do they need to be encoded twice so to speak?
So to get the url:
www.mySite.com/search?query=123&456&page=1
What should my href value be?
Also, I think I'm about the first person in the world to care about this.. go check the www and count the pages that get their query string validated in the W3C validator..
Entities which are part of the attributes should be encoded, generally. Thus you need & instead of just &
It works even if it doesn't validate because most browsers are very, very, very lenient in what to accept.
In addition, if you are outputting XHTML you have to encode every entity everywhere, not just inside the attributes.
All HTML attributes need to use character entities. You only don't need to change & into & within script blocks.
Whatever
Anywhere in an HTML document that you want an & to display directly next to something other than whitespace, you need to use the character entity &. If it is part of an attribute, the & will work as though it was an &. If the document is XHTML, you need to use character entities everywhere, even if you don't have something immediately next to the &. You can also use other character entities as part of attributes to treat them as though they were the actual characters.
If you want to use an ampersand as part of a URL in a way other than as a separator for parameters, you should use %26.
As an example...
Hello
Would send the user to http://localhost/Hello, with name=Bob and text=you & me "forever".
This is a slightly confusing concept to some people, I've found. When you put & in a HTML page, such as in <a href="abc?def=5&ghi=10">, the URL is actually abc?def=5&ghi=10. The HTML parser converts the entity to an ampersand.
Think of exactly the same as how you need to escape quotes in a string:
// though you define your string like this:
myString = "this is \"something\" you know?"
// the string is ACTUALLY: this is "something" you know?
// when you look at the HTML, you see:
<a href="foo?bar=1&baz=2">
// but the url is ACTUALLY: foo?bar=1&bar=2

Resources