Encoding Space Character in URL Hash - url

How is the space character handled (encoded) in the URL after the # sign?
I have the URL:
http://example.com/page.html#BookMark location
When I use %20 or +, which are used to escape the space character in the query string (the string in the URL after ?), the URL gets double escaped by the browser (behavior that doesn't happen when dealing with the query string). Example:
When I enter:
http://example.com/page.html#BookMark%20location
the browser tries requesting this URL instead:
http://example.com/page.html#BookMark%2520location

Related

URL encoded + (plus) evaluates to space

I am trying to pass the following string as a GET parameter to a PHP script:
<script src="http://mypage.net/test.php?cb=
var url = 'test'+document.body.outerHTML;
//"></script>
URL encoded, this string becomes:
%3Cscript%20src%3D%22http%3A%2F%2Fmypage.net%2Ftest.php%3Fcb%3D%0Avar%20url%20%3D%20%27test%27%2Bdocument.body%3B%0A%2F%2F%22%3E%3C%2Fscript%3E%0A
Chrome and Firefox both evaluate the encoded string, after passing it as a GET parameter, to
var url = 'test' document.body;
replacing the %2B with a space, hence making the code syntactically incorrect.
%252B works though, which is decoded to %2B and evaluates to +

400 code error when URL contains % symbol? (NGINX)

How can I prevent the server from returning a 400 error when the URL contains a % symbol, using an NGINX server?
Nginx configuration for my website:
....
rewrite ^/download/(.+)$ /download.php?id=$1 last;
....
When I tried to get access to this URL:
http://mywebsite.net/download/some-string-100%-for-example
I got this error:
400 Bad Request
With this URL:
http://mywebsite.net/download/some-string-%25-for-example
it works fine!
It's because it needs to be URL encoded first.
This will explain:
http://www.w3schools.com/tags/ref_urlencode.asp
URLs can only be sent over the Internet using the ASCII character-set.
Since URLs often contain characters outside the ASCII set, the URL has to be converted into a valid ASCII format.
URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits.
URLs cannot contain spaces. URL encoding normally replaces a space with a plus (+) sign or with %20.
The URL interpreter is confused to see a % without hexadecimals after it.
Why would you think of solving by changing Nginx configuration???
It's impossible to solve from the server side. It's a problem from the client side.
https://headteacherofgreenfield.wordpress.com/2016/03/23/100-celebrations/
In that URL, the title is 100% Celebrations! but the permalink is autogenerated to 100-celebrations. It's because they know putting 100% will cause a URL encode problem.
If even WordPress doesn't do it your way, then why should you do it?

%dd, %ff .... invalid byte sequence in UTF-8

In my Rails app, when I add %dd or %ff in a URL parameter, why does it return invalid byte sequence in UTF-8?
I have a regex ^[a-zA-Z0-9_]+$ to check that a string includes letters + numbers + underscores only. Then when I add %dd or %ff in my URL parameter, it returns an invalid byte sequence in UTF-8 error.
What do %dd and %ff mean?
UPDATE:
My controller:
def search
  # accept only letters, digits and underscores
  regex = '^[a-zA-Z0-9_]+$'
  @search = params[:search]
  unless @search.match(regex).nil?
    @users = User.find_by_name(@search)
    render 'api/v1/users/show', status: 200, formats: :json
  else
    @users = []
    render 'api/v1/users/show', status: 422, formats: :json
  end
end
My URL:
localhost:3000/api/v1/users/show?search=%dd
When the param is search=%d it returns Bad Request, which is OK. But when I add another d, search=%dd or search=a%dd, it returns Action Controller: Exception caught - invalid byte sequence in UTF-8.
The question is, how can I pass invalid byte sequence in UTF-8 error?
From Wiki:
Percent-encoding, also known as URL encoding, is a mechanism for encoding information in a Uniform Resource Identifier (URI) under certain circumstances. Although it is known as URL encoding it is, in fact, used more generally within the main Uniform Resource Identifier (URI) set, which includes both Uniform Resource Locator (URL) and Uniform Resource Name (URN). As such, it is also used in the preparation of data of the application/x-www-form-urlencoded media type, as is often used in the submission of HTML form data in HTTP requests.
The query search=%dd is according to above treated/interpreted as search=<BYTE_WITH_ORD_VALUE_0xDD>. Ruby expects this string to be UTF-8, but 0xDD is not a valid UTF-8 symbol.
To avoid this problem and pass what was intended, one should URL-escape the search query explicitly by substituting % ⇒ %25 (the latter is apparently the percent-encoded percent sign itself.)
localhost:3000/api/v1/users/show?search=%25dd
The above will send the %dd query to Rails.
NB: to be safe, one should build URL queries according to the common rule, specified in the article linked above:
[List of reserved characters]
Other characters in a URI must be percent encoded.
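The decoding step described in the answer above, as an added example that is not part of the original post: plain Ruby that decodes a raw query value, checks that the result is valid UTF-8, and only then applies the allow-list pattern. `classify_search_term` and the sample inputs are constructed for illustration, and the pattern uses `\A`/`\z` where the question uses `^`/`$`, so a value containing a newline cannot pass.

```ruby
require 'uri'

# \A and \z anchor the whole string; ^ and $ would accept "abc\nanything".
SAFE_TERM = /\A[a-zA-Z0-9_]+\z/

# Hypothetical helper (not a Rails API): decode one raw query-string value
# and report how it should be treated, without raising.
def classify_search_term(raw)
  begin
    # Decodes %XX and "+"; the result is tagged UTF-8 but not validated.
    decoded = URI.decode_www_form_component(raw)
  rescue ArgumentError
    return :malformed_escape # "%" not followed by two hex digits, e.g. "%d"
  end
  # "%dd" is now the single byte 0xDD, which is not valid UTF-8 on its own.
  return :invalid_utf8 unless decoded.valid_encoding?

  SAFE_TERM.match?(decoded) ? :ok : :rejected
end

# Constructed sample inputs, as they would appear after "search=" in the URL.
SAMPLES = ['abc_123', '%d', '%dd', 'a%dd', '%25dd',
           'Jalape%C3%B1os', 'abc%0Adef'].freeze

def classify_all
  SAMPLES.to_h { |raw| [raw, classify_search_term(raw)] }
end

classify_all.each { |raw, verdict| puts format('%-16s %s', raw, verdict) }
```

Mapping `:malformed_escape` and `:invalid_utf8` to a 400 response and `:rejected` to the controller's 422 keeps the exception from reaching the user.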

Bad url exception when using accented characters in url

I am using AFNetworking to fetch data from the server.
When there is an accented character in my URL I get an error like this:
userInfo={"NSUnderlyingError"=>#<__NSCFError:0xfd3aa70,
description="bad URL", code=-1000, domain="kCFErrorDomainCFNetwork",
userInfo={"NSLocalizedDescription"=>"bad URL"}>,
"NSLocalizedDescription"=>"bad URL"}>
However, when I try the URL from a browser (chrome), my backend API returns the results fine.
Here is a sample URL I'm trying: http://localhost:9000/my/Jalapeños
A URL needs to be properly encoded. Given your example is a string representing a URI, it's definitely wrong.
You may take a look at NSURLComponents (available for OSX >= 10.9 and iOS >= 7.0) and RFC 3986.

encrypted query string in emails rails

My app sends out an email with a URL in it. The url contains a query string attribute that is encrypted. I CGI escaped the encrypted value so that symbols like + * . etc are escaped. The escaped URL appears in the email as expected, but when we click on the link, the encrypted values are decrypted.
For Example, the url in the email is as follows
http://development.com/activate/snJAmJxkMo3WZ1sG27Aq?album_id=2&email=5M%2BjE1G6UB26tw/Ah%2Bzr1%2BJSSxeAoP6j&owner_id=4
email=5M%2BjE1G6UB26tw/Ah%2Bzr1%2BJSSxeAoP6j
when we click on this link the url in the browser appears as
http://development.com/activate/snJAmJxkMo3WZ1sG27Aq?album_id=2&email=5M+jE1G6UB26tw/Ah+zr1+JSSxeAoP6j&owner_id=4
email=5M+jE1G6UB26tw/Ah+zr1+JSSxeAoP6j
The + is substituted with space. As a result
params[:email] = 5M jE1G6UB26tw/Ah zr1 JSSxeAoP6j
which gives me a 404.
Is there any way I can avoid this situation? How can I make the URL in the browser also appear as
http://development.com/activate/snJAmJxkMo3WZ1sG27Aq?album_id=2&email=5M%2BjE1G6UB26tw/Ah%2Bzr1%2BJSSxeAoP6j&owner_id=4
in the browser?
In order to avoid this situation I hex encoded the email attribute so that it contains only letters and numbers. These are the methods used to hex encode and decode.
convert string2hex:
def hexdigest_to_string(string)
  # each character becomes its code point in hex, zero-padded to two digits
  string.unpack('U'*string.length).collect {|x| x.to_s(16).rjust(2, '0') }.join
end
convert hex2string:
def hexdigest_to_digest(hex)
  # read the hex two digits at a time and turn each pair back into a character
  hex.unpack('a2'*(hex.size/2)).collect {|i| i.hex.chr }.join
end
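An added example, not code from the original post, reproducing the failure in the question with its own `email` value: decoded once the value survives, decoded twice every `+` becomes a space, while the URL-safe Base64 alphabet and the hex form pass through unchanged. The helper names are hypothetical, and the second decode is an assumed cause rather than something the post confirms.

```ruby
require 'uri'

# Value taken from the question's URL: standard Base64 containing "+" and "/".
TOKEN = '5M+jE1G6UB26tw/Ah+zr1+JSSxeAoP6j'

def encode(value)
  URI.encode_www_form_component(value) # "+" -> "%2B", "/" -> "%2F"
end

def decode(value)
  URI.decode_www_form_component(value) # "%2B" -> "+", and "+" -> " "
end

# Correct handling: encoded once by the sender, decoded once by the receiver.
def decoded_once(value)
  decode(encode(value))
end

# Failure mode (assumed): one hop decodes the link, then the app decodes again.
def decoded_twice(value)
  decode(decode(encode(value)))
end

# Same bytes in the URL-safe Base64 alphabet: "-" and "_" replace "+" and "/".
def to_urlsafe(b64)
  b64.tr('+/', '-_')
end

def from_urlsafe(b64url)
  b64url.tr('-_', '+/')
end

# Hex form of the same bytes, the approach the answer above settles on.
def to_hex(b64)
  b64.unpack1('m').unpack1('H*')
end

puts "encoded:        #{encode(TOKEN)}"
puts "decoded once:   #{decoded_once(TOKEN)}"
puts "decoded twice:  #{decoded_twice(TOKEN)}"
puts "url-safe twice: #{decoded_twice(to_urlsafe(TOKEN))}"
puts "hex twice:      #{decoded_twice(to_hex(TOKEN))}"
```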
