Escape url on a html tag

Question

Hi there.

I'm doing this:

<a href="http%3A%2F%2Flocalhost%3A8080%2Fnews.xhtml%3Fid%3D32%26lang%3Den" target="_blank" />

and when this is rendered, the link points to: http://localhost:8080/news.xhtml?id=32&lang=en

I need that this link points to the url encoded and not to the one decoded.

Does anyone knows how to escape it?

Update (as per the comments): I need it to implement Share this on facebook feature. The way to do it is to call the following link: http://facebook.com/sharer.php?u=<encoded url to share>

Answer 1

Why do you need this? The link would then be technically broken.

Regardless, you basically just need to replace the percents % by their URL-encoded representation %25 (in other words: just encode the URL twice).

Thus, the result in your particular case would be:

http%253A%252F%252Flocalhost%253A8080%252Fnews.xhtml%253Fid%253D32%2526lang%253Den

Update: as you're asking this in JSF context, here's the way how you would normally create links in JSF (which are thus by default already URL-encoded):

<h:outputLink value="#{bean.url}" />

If you want to encode it twice, you'll have to grab JSTL's c:url:

<c:url value="#{bean.url}" var="url" />
<h:outputLink value="#{url}" />

Update 2: as per the comment, the actual requirement is now entirely clear, the normal JSF way would then have been (note that you don't necessarily need to encode it twice here!):

<h:outputLink value="http://facesbook.com/sharer.php"&gt;
    <f:param name="u" value="#{bean.url}" />
</h:outputLink>

Answer 2

There are a number of resources with tools that do this for you:

HtmlEscape.net for example escapes your text to http://localhost:8080/news.xhtml?id=32&lang=en.

That's as much escaping as browsers tend to need, what are your requirements here?

Answer 3

I'm not sure why you are doing this, but you are essentially doubly escaping the real URL:

var s0 = "http://localhost:8080/news.xhtml?id=32&lang=en";
var s1 = escape(s0);
var s2 = escape(s1);
var s3 = unescape(s2);
var s4 = unescape(s3);
// Assume function created for echo
echo("Original: " + s0);
echo("Escape1: " + s1);
echo("Escape2: " + s2);
echo("Unescape1: " + s3);
echo("Unescape2: " + s4);

This results in the following output:

Original: http://localhost:8080/news.xhtml?id=32&lang=en
Escape1: http%3A//localhost%3A8080/news.xhtml%3Fid%3D32%26lang%3Den
Escape2: http%253A//localhost%253A8080/news.xhtml%253Fid%253D32%2526lang%253Den
Unescape1: http%3A//localhost%3A8080/news.xhtml%3Fid%3D32%26lang%3Den
Unescape2: http://localhost:8080/news.xhtml?id=32&lang=en

NOTE: Usually you only want to escape the individual parameters of the URL and not the entire URL itself.

Answer 4

I'm not clear either on the background, but I'm wondering if you are encoding the entire URL intentionally?

My understanding is that you only need to encode anything that is not standard for URLs, like spaces, forward-slashes that don't indicate a directory, etc.

But supposing you maybe had the URL passed to you as a get variable, perhaps, you could use something like javascript (or jquery) to decode where the link points without going to the trouble of hand double-encoding, etc. There is a really simple and light add on for jquery called URL Encode that can encode and decode. Granted the source code would still reflect the coding, but the link (both when clicked or when hovered over) would reflect the non-encoded URL