tags:

views:

284

answers:

2
Q: 

Double encoded url being fully decoded in ASP.NET

I have just come across something that is quite strange and yet I haven't found any mention on the interwebs of others having the same problem.

If I hit my ASP.NET application with a double encoded url then the Request["myQueryParam"] will do a double decode of the query for me. This is not desirable as I have double encoded my query string for a good reason.

Can others confirm I'm not doing something obviously wrong, and why this would happen. A solution to prevent it, without doing some nasty query string parsing, would be great too!

As an example if you hit the url: http://localhost/MyApp?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc%2526utm_campaign%253dabc

(For reference %25 is the % symbol)

Then look at the Request["originalUrl"] (page or controller) the string returned is:

http://localhost/Action/Redirect?Url=/someUrl?utm_medium=abc&utm_source=abc&utm_campaign=abc

I would expect:

http://localhost/Action/Redirect?Url=%2fsomeUrl%3futm_medium%3dabc%26utm_source%3dabc%26utm_campaign%3dabc

I have also checked in Fiddler and the URL is being passed to the server correctly (one possible culprit could have been the browser decoding the URL before sending).

A: 

Relax, the handling of encoded parameters by HttpRequest is not broken.

In fact, both as a hyperlink and a direct navigation from address bar result in your 'expected' result in the Request.

<a href="WebForm1.aspx?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc%2526utm_campaign%253dabc">HEY</a>

and

WebForm1.aspx?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc%2526utm_campaign%253dabc

result: http://localhost/Action/Redirect?Url=%2fsomeUrl%3futm_medium%3dabc%26utm_source%3dabc%26utm_campaign%3dabc

You must be doing something with the URL beforehand, like redirecting or stuffing a NavigateUrl property of an asp.net control and letting asp.net render it which might be performing the first decode before it hits the target page.

Sky Sanders  2010-03-23 18:05:22
Ahhh, cheers, it seems to be cause by something related to our platform - quite possibly our URL rewriter. I'll make sure I test on an empty project first next time!
Brad R  2010-03-24 10:31:26
Yes it was our URL rewriter - we were accessing the QueryString property of the request and then appending it onto the rewritten URL without re-encoding. Thanks for the lead, once I had that it didn't take long to narrow it down.
Brad R  2010-03-24 13:52:17
@BradR, my pleasure.
Sky Sanders  2010-03-24 15:20:30
A: 

I think this has to do with your browser.

Looking at Google's Browser Security Document, the following browsers translate non-reserved %nn sequences in the address bar: MSIE7, MSIE8, FF3, Opera, Chrome.

In which browsers have you tested this outcome?

Jim Schubert  2010-03-23 18:07:08
I thought the same, so I fired up Fiddler and confirmed that the browser was in fact sending the correct URL to the server (tested in FF3).
Brad R  2010-03-24 10:21:43

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps