Hi

Do I need to encode strings (e.g. URL) I pass as a POST form parameter?

I.e. I want to pass a URL I have to my web application (Ruby on Rails) as one of the form parameters. So are there any potential characters in a URL/URI that would need to be encoded? Or perhaps Rails would handle this anyway?

A: 

As a general statement, if you emit programmatic or user input data to an HTML page, you should encode it for HTML. Bear in mind that URLs often have the & character and that should be encoded, even if browsers appear to handle it okay.

I'm not a Ruby guy, so I don't know how you do that in Ruby, nor am I familiar with Ruby on Rails to say if it will do it (though I would be a little surprised by that), but the guideline I suggest isn't language specific.

John Cavan
In this case it will be my client that does the update... so I was more trying to understand how robust an HTTP POST is with its parameters, re whether any characters are OK? I.e. assume the input is a valid but complex URL/URI... hope this makes sense
Greg
@Greg Given the input could be anything, you should encode it. I'm assuming that you're emitting that value to an HTML document with that statement. If it's actually part of the HTTP protocol, no intermediate HTML document that has the URL embedded in it, then no, there's no specific encoding requirement I'm aware of.
John Cavan
+2  A: 

Do I need to encode strings (e.g. URL) I pass as a POST form parameter?

That depends on what you're using to create/send your POST request. If you're directly creating the request body yourself, then yes you would have to URL-encode each parameter:

POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded

foo=bar&url=http://www.example.com/url?innerparameter1=1&innerparameter2=2

This is no good: innerparameter2 is actually a parameter of the outer form-encoded string. It would need encoding, which would look like:

foo=bar&url=http%3A//www.example.com/url%3Finnerparameter1%3D1%26innerparameter2%3D2

If, however, you are using something higher-level to make the POST request, and passing in some kind of mapping of parameter strings, I would expect that component to take care of the URL-encoding for you.

Code?

bobince
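The effect described in the answer above, shown from the receiving side. This is an added example, not code from the original posts: it builds the same form body with and without encoding and parses both the way a form-decoding server would. `URI.encode_www_form` and `URI.decode_www_form` are Ruby standard library; the helper names and sample values are constructed for illustration.

```ruby
require 'uri'

# Constructed sample input mirroring the request shown in the answer.
INNER_URL = 'http://www.example.com/url?innerparameter1=1&innerparameter2=2'
PARAMS    = { 'foo' => 'bar', 'url' => INNER_URL }.freeze

# Hypothetical helper: hand-built body with values pasted in unencoded.
def naive_body(params)
  params.map { |key, value| "#{key}=#{value}" }.join('&')
end

# Hypothetical helper: body built by the standard library, which
# percent-encodes every key and value (including "/", ":", "?", "=", "&").
def encoded_body(params)
  URI.encode_www_form(params)
end

# What a server sees after parsing an application/x-www-form-urlencoded body.
def server_view(body)
  URI.decode_www_form(body).to_h
end

# Parameter names the server received that the client never intended to send.
def injected_keys(params, body)
  server_view(body).keys - params.keys
end

if __FILE__ == $PROGRAM_NAME
  [naive_body(PARAMS), encoded_body(PARAMS)].each do |body|
    puts "body:     #{body}"
    puts "parsed:   #{server_view(body).inspect}"
    puts "injected: #{injected_keys(PARAMS, body).inspect}"
    puts
  end
end
```

The standard-library encoder also escapes `/` as `%2F`, which the hand-encoded body in the answer leaves as is; both decode to the same value.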