prevent browser from evaluating %2F - html

I have a php script which generates a bunch of links like so
link
but when I hover over this link or click on it, it really goes to
http://localhost/explorer/index.php?repository_id=default&folder=/mypath/inner/inner2
How do I prevent this behavior and force it to go to http://localhost/explorer/index.php?repository_id=default&folder=%2Fmypath%2Finner%2Finner2
The tool which receives this input needs to have %2F inside of the /

The hover display is often unescaped for ease of use. If you inspect the page source it should still be uri escaped.
When you use the link the GET param will still be uri escaped and get to your php script intact.

You need to encode the URL string you are using. http://php.net/manual/en/function.urlencode.php
Or manually Replace %2 with %252F (% encoded + 2F)

Related

Multilingual URLs showing as unicode in breadcrumb menu

I have a Norwegian URL path which looks like this /om-os/bæredygtighed/socialt-ansvar
In my breadcrumb menu, I expect to see something like this:
Om os > Bæredygtighed > Socialt-ansvar
However, the æ is appearing as %c3%a6. So my breadcrumb looks like this:
Om os > B%c3%a6redygtighed > Socialt-ansvar
I have <meta charset="utf-8"> in the head, so I'm unsure why these characters are still appearing?
I don't know how you are building the URLs, but, except for the domains, that have a different encoding, all non-ASCII parts of a URL must be URL-encoded, AKA percent-encoded. The browser does it for you if you don't do it yourself. OTOH, the browser will in most cases show you the unencoded version of your characters. You might not be aware that what is sent over the wire is URL-encoded.
E.g., your path is sent over the wire as /om-os/b%c3%a6redygtighed/socialt-ansvar, even if you see /om-os/bæredygtighed/socialt-ansvar in the address bar. Check it with the developer tools. If you use Firefox, you will have to look at the Headers tab of the HTTP call's details in the Network tab. Chrome, instead, will also show you the HTTP call's summary row URL-encoded. That %c3%a6 in the path is the hex value of the two bytes, C3 and A6, that make up the UTF-8 encoding of the character æ.
You can even set your window.location.pathname programmatically to /om-os/bæredygtighed/socialt-ansvar, but when you read window.location.pathname afterwards, you will get it URL-encoded:
window.location.pathname = '/om-os/bæredygtighed/socialt-ansvar'
[...]
console.log(window.location.pathname)
/om-os/b%C3%A6redygtighed/socialt-ansvar
I don't know how your path flows into your breadcrumbs, but you clearly can reverse the URL-encoding before using your strings.
In JavaScript you normally do that with decodeURIComponent():
console.log(decodeURIComponent('b%c3%a6redygtighed'))
bæredygtighed
console.log(decodeURIComponent('/om-os/b%c3%a6redygtighed/socialt-ansvar'))
/om-os/bæredygtighed/socialt-ansvar
In PHP you normally do that with urldecode:
$decoded = urldecode('b%c3%a6redygtighed'); // will contain 'bæredygtighed'
But it would be better if you could make your data flow in a way that avoids the encoding and decoding steps before reaching your breadcrumbs.
If you have not yet figured out the fix -
just to add on top of whatever walter-tross has already mentioned in above answer -
For the given input - (/om-os/bæredygtighed/socialt-ansvar)
the encodeURI js-method output is as follows -
/om-os/b%C3%A6redygtighed/socialt-ansvar
and the the encodeURIComponent js-method output is as follows -
%2Fom-os%2Fb%C3%A6redygtighed%2Fsocialt-ansvar.
Given the above, it appears that you are fetching the bread-crumb input from the URL. And the behaviour is equivalent to encodeURI method, thus enabling you to split on the '/' character.
The fix, as already noted, would be to perform url-decode using decodeURI or decodeURIComponent on the individual components prior to using it as content.

Creating an HTML link that will not be URL decoded

I need to create a link to a web page that contains the character # (%23). However, when the URL gets decoded (resulting in a URL containing #), the character is not recognized and the page is not displayed properly.
When I create a link as follows, the %23 just gets replaced with #. This may be the behaviour of the browser, but how can I stop it and reach the proper URL with the string still URL encoded? I would prefer to do it without JavaScript if it is possible.
click
Browser goes to: http://aWebsite.com/somePath/somePage #myParameter
I want to go to: http://aWebsite.com/somePath/somePage %23myParameter
It sounds like you need to encode it a second time. The "%" will become "%25" so you'll have:
click
Edit:
If you want the "#" to be sent to the server as part of the URL, then it's not going to work. The browser treats that as a bookmark so it is removed from the requested URL. Once the page is loaded, the browser will scroll to that bookmark.
You need to doube encode it:
http://example.com/somePath/somePage %2523myParameter
%25 will resolve in % in the final url

How to Prevent Browser Control from URLDecoding an Embedded URL Link

Please forgive my lack of knowledge surrounding HTML
I am trying to generate a static HTML page which is rendered in an embedded HTML Browser component in a 3rd party application.
In the HTML Body I have a URL Link embedded within the page.
Access Application
Note that the above URL is "URLEncoded". Specifically, the query string after "encrypt=" is encrypted, and then URLEncoded.
Problem
The HTML browser component embedded in the 3rd party application renders the HTML and all appears fine, EXCEPT that it Decodes the URL String.
This results in a hyperlink with the following URI;
https://mydomain.com.au/Web/Default.ashx?encrypt=x+NWTAVMqprD+ZyFtf1tfBVfIfhqKJ3JCjMmiXiSJSUl6n4FzCuW8mwQfpNskdQEvqU7QiWMdR+bu9y6+iO8eh41XwGJX9l5iCYZunTamhGdkkiR9CqVCrkStu+zAlhqcJYG6M0zztcActpm6iSn99gXDlw8z+Hs8Q88N9fZyXdYpxspgl+AoGZe7hR3zOulJb1YhabyBbf+kfI0dq1YQpHn3SWig8HuWvBANXPrPHDqAOsnT1DtJQ==
Note the now existance of characters such as "+" and "=" which causes the failure to load the application which is the target of the URL.
Is there any way to prevent a browser (browser control?) from decoding this URL string and maintaining its integrity?
I am thinking off the top of my head, and I don't really understand the purpose of this suggestion but will defining a "type" attribute on the Link such as
<a type="application/x-www-form-urlencoded" href="xxx.com/ddddd" class="Action">Access Application</a>
have any effect?
How else can I prevent the browser control from decoding this URL?
Meta Tags in the < head > ???
Thanks in Advance!
Kind Regards
Aaron
We had to escape the % symbol.
For example: changing %2B in the link to %252B (%25 being the escape code for a % symbol). Likewise changing %3D to %253D had the same effect and prevent the client application rendering %3D to a = sign.
We couldn't stop the client application from 'decoding' the URL entirely but at least now it decoded to the correct URL value

Unwanted characters being added to url in HTML

I'm trying to include a simple hyperlink in a website:
...Engineers (IEEE) projects:
So that it ends up looking like "...Engineers (IEEE) projects:" with "IEEE" being the hyperlink.
When I click on copy link address and paste the address, instead of getting
http://www.ieee.ucla.edu/
I get
http://www.ieee.ucla.edu/%C3%A2%E2%82%AC%C5%BD
and when I click on the link, it takes me to a 404 page.
Check the link. These special character are added automatically by browser (URL Encoding).
Url Encoding
Use this code and it will work::
IEEE
The proper format to add hyperlink to a html is as follow
(texts to be hyperlink)
and for better understanding go through this link http://www.w3schools.com/html/html_links.asp
%C3%A2%E2%82%AC%C5%BD represents „ which is when you get when a unicode „ is being parsed as Windows-1252 data.
Use straight quotes to delimit attribute values in your real code. You are doing this in the code you have included in the question, but that won't have the effect you are seeing. Presumably your codes are being transformed at some point in your real code.
Add appropriate HTTP headers and <meta> data to tell the browser what encoding your file is really using

A html space is showing as %2520 instead of %20

Passing a filename to the firefox browser causes it to replace spaces with %2520 instead of %20.
I have the following HTML in a file called myhtml.html:
<img src="C:\Documents and Settings\screenshots\Image01.png"/>
When I load myhtml.html into firefox, the image shows up as a broken image. So I right click the link to view the picture and it shows this modified URL:
file:///c:/Documents%2520and%2520Settings/screenshots/Image01.png
^
^-----Firefox changed my space to %2520.
What the heck? It converted my space into a %2520. Shouldn't it be converting it to a %20?
How do I change this HTML file so that the browser can find my image? What's going on here?
A bit of explaining as to what that %2520 is :
The common space character is encoded as %20 as you noted yourself.
The % character is encoded as %25.
The way you get %2520 is when your url already has a %20 in it, and gets urlencoded again, which transforms the %20 to %2520.
Are you (or any framework you might be using) double encoding characters?
Edit:
Expanding a bit on this, especially for LOCAL links. Assuming you want to link to the resource C:\my path\my file.html:
if you provide a local file path only, the browser is expected to encode and protect all characters given (in the above, you should give it with spaces as shown, since % is a valid filename character and as such it will be encoded) when converting to a proper URL (see next point).
if you provide a URL with the file:// protocol, you are basically stating that you have taken all precautions and encoded what needs encoding, the rest should be treated as special characters. In the above example, you should thus provide file:///c:/my%20path/my%20file.html. Aside from fixing slashes, clients should not encode characters here.
NOTES:
Slash direction - forward slashes / are used in URLs, reverse slashes \ in Windows paths, but most clients will work with both by converting them to the proper forward slash.
In addition, there are 3 slashes after the protocol name, since you are silently referring to the current machine instead of a remote host ( the full unabbreviated path would be file://localhost/c:/my%20path/my%file.html ), but again most clients will work without the host part (ie two slashes only) by assuming you mean the local machine and adding the third slash.
For some - possibly valid - reason the url was encoded twice. %25 is the urlencoded % sign. So the original url looked like:
http://server.com/my path/
Then it got urlencoded once:
http://server.com/my%20path/
and twice:
http://server.com/my%2520path/
So you should do no urlencoding - in your case - as other components seems to to that already for you. Use simply a space
When you are trying to visit a local filename through firefox browser, you have to force the file:\\\ protocol (http://en.wikipedia.org/wiki/File_URI_scheme) or else firefox will encode your space TWICE. Change the html snippet from this:
<img src="C:\Documents and Settings\screenshots\Image01.png"/>
to this:
<img src="file:\\\C:\Documents and Settings\screenshots\Image01.png"/>
or this:
<img src="file://C:\Documents and Settings\screenshots\Image01.png"/>
Then firefox is notified that this is a local filename, and it renders the image correctly in the browser, correctly encoding the string once.
Helpful link: http://support.mozilla.org/en-US/questions/900466
Try using this
file:///c:/Documents%20and%20Settings/screenshots/Image01.png
Whenever you are trying to open a local file in the browser using cmd or any html tag use "file:///" and replace spaces with %20 (url encoding of space)
The following code snippet resolved my issue. Thought this might be useful to others.
var strEnc = this.$.txtSearch.value.replace(/\s/g, "-");
strEnc = strEnc.replace(/-/g, " ");
Rather using default encodeURIComponent my first line of code is converting all spaces into hyphens using regex pattern /\s\g and the following line just does the reverse, i.e. converts all hyphens back to spaces using another regex pattern /-/g. Here /g is actually responsible for finding all matching characters.
When I am sending this value to my Ajax call, it traverses as normal spaces or simply %20 and thus gets rid of double-encoding.
Try this?
encodeURIComponent('space word').replace(/%20/g,'+')