Pass URL as get parameter? - asp.net-mvc

I'm trying to pass u url as parameter to a get method.
I defined a route that accepts a {*url} parameter so I can send "/" characters without it separating my parameter.
As soon as there is a ":" in the url (like in http: or localhost:3857 for example), the method never gets hit.
The Html.ActionLink method escapes it's parameter itself, but it doesn't seem to escape the ':'. I cannot escape it manually because then the escape characters get escaped by the very same Html.Actionlink method.
any ideas?

Use EncodeUrl before you pass it, and then decode it on the other side.

I ran into the same problem. I ended up removing the Html.ActionLink and replaced it with:
#item.Title
#item.ID is a url returned from the netflix api, example http://api.netflix.com/catalog/titles/series/70021357/seasons/70021357. Now my url looks like this - /Home/Movies?id=http://api.netflix.com/catalog/titles/series/70021357/seasons/70021357, and I just used Request.QueryString to get the value in the controller:
Request.QueryString.Get("id")
Probably not ideal but it works for now.

It's a bit of a hack, but you could replace the ':' with '%3A' (which is the escaped form), and see what the ActionLink does with it. If it's escaped once more, you'd have to replace the twice-escaped version back to ':' at the server, otherwise just replace '%3A' back to ':'

Related

Match double slash in rails route constraint

Suppose I am expecting a url as part of my route - maybe a callback url or similar - I might use the following route:
get '/mymodel/:url', to: 'mycontroller#docallback', url: /.*/
Now I would like to be able to go to http://www.myapp.com/mymodel/http://www.google.co.uk/ and process http://www.google.co.uk/ in mycontroller - but it is processed as http:/www.google.co.uk/ (one slash). How can I rectify this? Is the regex wrong or is there some flag I have to set?
I don't think that "http://www.myapp.com/mymodel/http://www.google.co.uk/" is a valid url.
Normally if you want to pass a url as a parameter you would call CGI.escape on it first, which would convert "http://www.google.co.uk/" to "http%3A%2F%2Fwww.google.co.uk%2F" CGI.escape will turn any string into a url-safe version of itself, basically replacing any characters which have a special function in a url, like ":/?&" and also space and some other characters which would otherwise break the formatting.
So, you would end up with a url like
"http://www.myapp.com/mymodel/http%3A%2F%2Fwww.google.co.uk%2F"
which would come through in params like
params = {:url => "http://www.google.co.uk/"}
Note how it's been unescaped here: Rails automatically* calls CGI.unescape on parameter values before putting them into the params hash.
However, this url
"http://www.myapp.com/mymodel/http%3A%2F%2Fwww.google.co.uk%2F"
looks pretty weird to me. It would be better to be more explicit and pass it through as a named parameter in the url itself, like
"http://www.myapp.com/mymodel?url=http%3A%2F%2Fwww.google.co.uk%2F"
which will require a slight change to your routes.
* I think Rails will do this but it might depend on circumstances. Try it.
...Turned out that the request was not encoded on the client side before being sent, solution was to use encodeURIComponent() on the url before sending it.

Apostrophe issue in url with OData

I am using oData protocol which add the filter criteria in the url
E.g. /api/restaurants/getall?$filter=substringof('macdonald',Name)
My problem when the value has apostrophe like (macdonald's) it will break the url
It works fine if I replace it with %26 like macdonald%26 but by adding s (macdonald%26s) the url will not work
any suggestions?
When inside the quoted string a single quote can be escaped by doubling it. So in your case it would look like 'macdonald''s'.
I see this is an old post, but I'll point out that the arguments in the substringof expression are switched.
https://help.nintex.com/en-us/insight/OData/HE_CON_ODATAQueryCheatSheet.htm
This is aside from the apostrophe (single quote) problem.

Base 64 encoded querystring parameter getting characters replaced

I have a querystring parameter that is an encoded string that gets converted to Base64. That parameter is then embedded in a link within an email. When I click the link in the email, the querystring parameter has had all the + characters within it replaced by space characters. There are no other differences. Is there a method I can call to sanitise the string and effectively replace the spaces with pluses again. I'm currently doing a string replace which is a bit fat hack. Something is causing the replacement but I'm not sure what. Has anyone come across anything like this before?
Example - querystring parameter value within URL of the browser:
yo3rZZbZyG4UCN+L3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl+3lA7qn+lOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw==
Value of string within controller action:
yo3rZZbZyG4UCN L3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl 3lA7qn lOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw==
You should URL encode the base64 string to the link, so it is:
yo3rZZbZyG4UCN%2BL3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl%2B3lA7qn%2BlOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw%3D%3D
HttpUtility.UrlEncode(base64str) in .NET, or encodeURIComponent(base64str) in javascript
you can use System.Web.HttpServerUtility.UrlTokenEncode (from http://brockallen.com/2014/10/17/base64url-encoding/#comments)
It is doing this because the + sign is interpreted as a marker to say that another parameter follows. This is why it is getting mangled. You should URL encode your string before you pass it to the server.

Passing fullstops (periods) and forward slashes in a GET request?

I have built a form that submits values to Wufoo as a GET request in the URL. I cannot get it to work if any of the values (in a textarea) contain a line-break or a forward slash. Is there a way to encode these in a URL?
This is being done in Rails.
I thought Rails would do that for you. But if you need to do it manually, you can use CGI::escape, e.g.
> require 'cgi'
...
> CGI.escape("hello%there\nworld")
=> "hello%25there%0Aworld"
EDIT:
Actually, CGI does not seem to escape a dot. URI can be used instead, it takes an extra parameter that lets you list extra characters you want escaped:
URI.escape("hello.there%world", ".")
http://en.wikipedia.org/wiki/Percent-encoding

How can I send a GET request containing a colon, to an ASP.NET MVC2 controller?

This works fine:
GET /mvc/Movies/TitleIncludes/Lara%20Croft
When I submit a request that contains a colon, like this:
GET /mvc/Movies/TitleIncludes/Lara%20Croft:%20Tomb
...it generates a 400 error. The error says ASP.NET detected invalid characters in the URL.
If I try url-escaping, the request looks like this:
GET /mvc/Movies/TitleIncludes/Lara%20Croft%3A%20Tomb
...and this also gives me a 400 error.
If I replace the colon with a | :
GET /mvc/Movies/TitleIncludes/Lara%20Croft|%20Tomb
..that was also rejeted as illegal, this time with a 500 error. The message: Illegal characters in path.
URL-escaping that | results in the same error.
I really, really don't want to use a querystring parameter.
related:
Sending URLs/paths to ASP.NET MVC controller actions
I found that URL encoding did not work, but custom encoding did.
I guess ASPNET MVC uses the filesystem to do the parsing and routing, because a character in the URL that is not legal in the filesystem, causes a 500 or 400 error.
So what I did was replace colons with the unicode
¡ character in the javascript side, and then do the converse in the action. like this:
browser:
function myEscape(s){
return s.replace(':', '%C2%A1').trim();
}
in the action, call this conversion before using the argument:
private string MyCustomUnescape(string arg)
{
return arg.Replace("¡", ":");
}
The same approach works for slashes - just pick a different unicode character. Of course if your string arguments themselves are unicode, then you'll have to use non-printable characters for the "encoded" forms.
If SEO is not a problem you may use base64 and then urlencode that. After the first step every character you'll have will be easily encoded. Decoding in .NET is as easy as using the helper in System.Web.HttpUtility and System.Convert.
Similar answered here:
https://stackoverflow.com/a/12037000/134761
Use question mark and ampersands for arguments and URL encode the arguments.
Example: GET /mvc/Movies/TitleIncludes?title=Lara%20Croft%3A%20Tomb
I agree it would be nice to encode things into the url as well, but there is probably a good reason not to.

Resources