What's going wrong with window.open here?

Question

I'm encoding the parameters in a url and setting the href of an a tag as follows:

href="javascript:var win=window.open('LayerPreview.aspx?tLNUMCswKSXpnGpQy1rWev26c5euEUa97eqiZYdDpMvDcKNbi6Z05Q3WC5DhG%2b8HJFGHAo%2fHiSFrtEEsHiConkpaT2aJ2WV0Hxxqo2l1bmkNdAotVVvI%2fT4JtE%2fc3dJ8MEAhM3NJZ15qk3fkW87q9A%3d%3d','','width=800,height=600,resizable=no','true');"

But when the link is clicked, in the Page_Load of LayerPreview.aspx, the query string has been modified, i.e. the original:

tLNUMCswKSXpnGpQy1rWev26c5euEUa97eqiZYdDpMvDcKNbi6Z05Q3WC5DhG%2b8HJFGHAo%2fHiSFrtEEsHiConkpaT2aJ2WV0Hxxqo2l1bmkNdAotVVvI%2fT4JtE%2fc3dJ8MEAhM3NJZ15qk3fkW87q9A%3d%3d'

becomes:

tLNUMCswKSXpnGpQy1rWev26c5euEUa97eqiZYdDpMvDcKNbi6Z05Q3WC5DhG+8HJFGHAo%2fHiSFrtEEsHiConkpaT2aJ2WV0Hxxqo2l1bmkNdAotVVvI%2fT4JtE%2fc3dJ8MEAhM3NJZ15qk3fkW87q9A=%3d

This, obviously, screws up my decoding.

Any ideas?

Thanks,

Carl.

Edit: I'm already using System.Web.HttpUtility.UrlEncode and System.Web.HttpUtility.Decode.

Here's the operation:

1. Generate the plain text query string.
2. Encrypt the query string.
3. Run it thru System.Web.HttpUtility.UrlEncode.

When reading the query string I just do the opposite:

1. Run it thru System.Web.HttpUtility.UrlDecode.
2. Decrypt the query string.
3. Read the query string.

This works everywhere else in my web app but not when assinging the link for the window.open url or any other javascript method.

Answer 1

Your string contains some characters which will be escaped, that is what is happening to you I believe. I think you might need to use URLEncode and URLDecode. You can do it either in javascript or on the server side, depending on how you are coming up with that long string (encrypted text?).

Answer 2

Your original query parameter contains a number of percentage % signs. My guess is that these are again interpreted (together with the the following 2 or 3 characters, search google for URL Encoding). If this is indeed the case, see if you can somehow escape the % signs, or 'encode' them.

Answer 3

Use Uri.EscapeDataString and Uri.UnescapeDataString not Uri.EscapeUriString (URLEscape is the same as EscapeUriString).

urlencode and urldecode are for urls. urlencode converts spaces to + and leaves "/" alone because it assumes that those are valid characters in a url (which they are). urldecode does the reverse, converting + to space. urldecode doesn't expect to see + being converted. I imagine that it also doesn't expect a valid URL to have "==" in it. Usually it's a bunch of "x=y" separated by "&". "=" twice in a row doesn't make sense, so it only converted one.

But you don't want + converted to space and back, you want %2b or whatever. You're not escaping a URL, you're escaping a Data string that will be in a url. Use Uri.EscapeDataString and Uri.UnescapeDataString in .NET.

(Your "encryption" is outputing 0-9 a-z A-Z + /, a total of 64 different characters with == at the end. So let's not call it "encryption" so much as base64. The original data is some binary, so I guess that THAT is the encrypted data.)

http://codeidol.com/csharp/csharpckbk2/Web/Escaping-and-Unescaping-Data-for-the-Web/