slashes in url variables - url

I have set up my coldfusion application to have dynamic urls on the page, such as
www.musicExplained/index.cfm/artist/:VariableName
However my variable names will sometimes contain slashes, such as
www.musicExplained/index.cfm/artist/GZA/Genius
This is causing a problem, because my application presumes that the slash in the variable name represents a different section of the website, the artists albums. So the URL will fail.
I am wondering if there is anyway to prevent this from happening? Do I need to use a function that replaces slashes in the variable names with another character?

You need to escape the slashes as %2F.

You could easily replace the forward slashes / with something like an underscore _ such as Wikipedia uses for spaces. Replacing special characters with underscores, etc., is common practice.

You need to escape those but don't just replace it by %2F manually. You can use URLEncoder for this.
Eg URLEncoder.encode(url, "UTF-8")
Then you can say
yourUrl = "www.musicExplained/index.cfm/artist/" + URLEncoder.encode(VariableName, "UTF-8")

Check out this w3schools page about "HTML URL Encoding Reference":
https://www.w3schools.com/tags/ref_urlencode.asp
for / you would escape with %2F

Related

Is there a way to escape all the special characters in a url string parameter?

I need users to be able to pass a file path as a parameter of a get url (the file would not be uploaded and only the local file path is used for some security reasons). Now it's difficult for them to go and change all the backslashes to "%5". I was wondering if there is a way to force encoding of a part of the url. For example something as simple as putting it in double quotes, which doesn't work...
http://example.com/"c:\user\somone\somefile.txt"/dosomething
I ended up using pattern matching of rest routes at the server level. Something like this:
/example.com/*path/dosomething
So it would match any path even with slashes/backslashes. At last I do a decoding of the url to get rid of the escaped characters passed by browser for chars like space.
java.net.URLDecoder.decode(path, "UTF-8")

How to rewrite URLs split by hyphens?

I am getting confused while writing URLs with hyphens. It is conflicting with GET parameters.
For instance, I have a long book name in URL, with spaces replaced by hyphens, like the-famous-world-records-of-athletics. After this I am getting error in pagination also separated with hyphens.
Please suggest how I can write URLs in given stage:
example.com/vc.php?book=the-famous-world-records-of-athletics
example.com/vc.php?book=the-famous-world-records-of-athletics&page=1
example.com/vc.php?book=the-famous-world-records-of-athleticstopic=jumping-and-racing&page=2
Wishing to write as:
example.com/the-famous-world-records-of-athletics.html
example.com/the-famous-world-records-of-athletics-1.html
example.com/the-famous-world-records-of-athletics-jumping-and-racing-2.html
A minus is perfectly valid in an URL, it is a so-called 'unreserved' character.
https://en.wikipedia.org/wiki/Percent-encoding
If you really need to replace them, I'd replace them with %2D, just like you would replace a space with %20.

Can backslash be encoded correctly in URL with URL rewrite?

I am working on an ASP.NET MVC2 project. The problem is when a string which would be rewritten into URL contains a special character such as backslash or question mark, the URL will be wrong, even if I have encoded it before.
For example:
I have a product id "p001\2-2".
I encoded it into "p001%5C2-2"
The URL http://domain.com/Product/p001%5C2-2 responds HTTP Error 400 - Bad Request.
How can I get it correct?
Try to use Html.Encode to resolve your backslash.
If the backslash is the only 'special' character in your id, you could use Replace("%5C","\").
Have you checked your routingMap? there has to be a route like
Product/{prodictID}
I had a similar problem with %2F in my URLs. Try appending the nOrmalize flag to your rewriteRule.
Example with normalize flag "O" in bold:
RewriteRule ^(.*)index\.html?$ http://www.yoursite.com/$1 [R=301,L,**O**]

Can we use & in url?

Can we use "&" in a url ? or should "and" be used?
Yes, you can use it plain in your URL path like this:
http://example.com/Alice&Bob
Only if you want to use it in the query you need to encode it with %26:
http://example.com/?arg=Alice%26Bob
Otherwise it would be interpreted as argument separator when interpreted as application/x-www-form-urlencoded.
See RFC 3986 for more details.
An URL is generally in the form
scheme://host/some/path/to/file?query1=value&query2=value
So it is not advisable to use it in an URL unless you want to use it for parameters. Otherwise you should percent escape it using %26, e.g.
http://www.example.com/hello%26world
This results in the path being submitted as hello&world. There are other characters which must be escaped when used out of context in an URL. See here for a list.
Unless you're appending variables to the query string, encode it.
encode '&' with & (this answer is based on your use of tags)
If you are asking what to use "&" or "and" when registering the name of your URL, I would use "and".
EDIT: As mentioned in comments "& is an HTML character entity and not a URI character entity. By putting that into a URI you still have the ampersand character and additional extraneous characters." I started answering before fully understanding your question.

Properly url encode space character

I use HttpUtility.UrlEncode to encode any value that is used in a route.
I already solved an issue with encoding forward slashes. The new problem I have now is with spaces. A space is encoded as + .
This works on the VS integrated Webserver, but I have an issue with it in IIS7 on Windows Server 2008.
If I have the URL http://localhost/Home/About/asdas+sdasd
I get the error 404.11 - Request contains double escape sequence.
I know I can just replace the space by "%20", but I dont want to care about propper encoding myself. Is there any ready to use UrlEncoder for MVC out there?
' ' encoded to %20 use HttpUtility.UrlPathEncode.
Any URL Encoding is most often designed to work on the path component of the url, the reason because different schemes have different characters in the safe list. Look for your libraries urlencoder and just use it in the path and above portion of the url.
#HttpUtility.UrlPathEncode(path)
UrlPathEncode just encodes the path of the Url, rather than encoding the whole Url.

Resources