Why are backward slashes removed from querystring - ASP.NET & Javascript

Question

I am trying to generate a URL that contains a UNC path as one of the query string variables. The URL will open in a pop up window when an ASP.NET button control is clicked by the user. When the clicks the button, the backwards slashes are removed from the UNC path causing the page to break.

The button renders correctly in the page source file with all the backward slashes.

Is there any way to prevent this?

Here is my source code:

Code behind:

string unc = @"\\myserver\myfolder\myfile.txt";
string url = string.Format("http://www.mysite.com/page.aspx?a={0}", unc);

MyButton.Attributes.Add("onclick", @"javascript:FullPop('" + url + @"')");

ASPX page

<script language="javascript" type="text\javascript">
    function FullPop(Newurl) {
        Win = window.open( Newurl,"Monitor", "fullscreen=0,toolbar=1,location=1,directories=1,status=1,menubar=1,scrollbars=1,resizable=1,width=800,height=600,top=50,left=50");
        Win.focus();
    }
</script>

<asp:button id="MyButton" runat="server" cssclass="mycss" text="View Actual Target" />

Update

Server.UrlEncode does not work. Same behavior.

Update 1

Based on Daniel Lew's answer, I developed the following solution:

protected void Page_Load(object sender, EventArgs e)
{  
    string unc = @"\\myserver\myfolder\myfile.txt";
    string url = string.Format("http://www.mysite.com/page.aspx?a={0}", unc);

    MyButton.Attributes.Add("onclick", @"javascript:FullPop('" + this.EscapeforJavaScript(url) + @"')");
}

private string EscapeforJavaScript(string url)
{
    return url.Replace(@"\", @"\\"); 
}

Answer 1

I don't know anything about asp.net, but I have had experience with problems when adding text straight into JavaScript before through templating. Have you tried escaping the backslashes on your url, to avoid this?

// Returns "\myservermyfoldermyfile.txt", due to escpaing the backslash.
alert("\\myserver\myfolder\myfile.txt");

// Returns correct value of "\\myserver\myfolder\myfile.txt"
alert("\\\\myserver\\myfolder\\myfile.txt");

Answer 2

You have to URL encode the value that you put in the URL:

string url = "http://www.mysite.com/page.aspx?a=" + Server.UrlEncode(unc);

Edit:
To safely put the url in the Javascript code, you also have to encode the string for being a literal string:

MyButton.Attributes.Add("onclick", @"FullPop('" + url.Replace(@"\", @"\\").Replace("'", @"\'") + @"')");

(The javascript: protocol is only used when the Javscript is used as href for a link, not when you put code in an event like onclick.)

Answer 3

You may want to try URLEncoding your string on your server side, using the following method:

public static string UrlFullEncode(string strUrl) 
{
    if (strUrl == null)
        return "";
    strUrl = System.Web.HttpUtility.UrlEncode(strUrl);
}

I'm not 100% sure it if will replace the backslashes, but it's worth a try.