tags:

views:

905

answers:

3
+1  Q: 

when assigning location.href, please explain url encoding (in asp.net and firefox)

In some javascript, I have:

var url = "find.aspx?" + "location=" + encodeURIComponent( address );
alert( url );
location.href = url;

where the value of address is the string "Seattle, WA".

In the alert I see

find.aspx?Seattle%2C%20WA

as I expect.

But on the server side, when I look at Request.Url, the relevant substring I see is

find.aspx?Seattle, WA

And in the Firefox url window I see

find.aspx?location=Seattle%2C WA

So I'm getting three different representations whereas I would expect that in all three places I should see what I see in the alert. My expectation is that the url I assign to location.href should show up as-is in the browser url window, and should be passed as-is to the server in Request.Url (and I would need to decode the values on the server before using them). What's happening?

+2  A: 

Firefox converts certain encoded characters into their literal forms as a way to be friendly to users. It will also convert spaces typed into the address bar into %20 for the server.

Update: The reason Firefox doesn't display the comma unencoded is because commas are allowed in URLs, but spaces are not, so it knows that a space is going to be unambiguously interpreted, whereas the pre-encoded comma is different from a non-encoded comma to some servers. see: http://stackoverflow.com/questions/198606/can-i-use-commas-in-a-url

ASP is probably trying to help you out by auto-un-encoding the string for you.

Update: It looks like ASP.NET unencodes Request.Url for you by default, as mentioned here: http://stackoverflow.com/questions/123994/querystring-malformed-after-urldecode They also mention that you can use HttpRequest.Url.Query to access the un-decoded version.

The alert is the only thing not doing any "magic" for you.

pib  2010-01-22 07:52:32
Thanks for the quick reply. If firefox is trying to show a friendly version of the url, why would it leave the %2c instead of just showing it as a comma? As for ASP.NET, it seems confusing if it's just trying to "help me out". Do you know where it's documented that it does this? I have to know whether it always does the unencoding, because otherwise I could mess things up by unencoding twice, right?
M Katz  2010-01-22 07:58:49
Encoding twice is prohibited by the URL specification and would indeed mess things up. Same for unencoding. That way, it is guaranteed that you can encode %2C as a string: `google/search?q=%252C` will search for "%2C" not for "," (double unencoding).
Abel  2010-01-22 08:15:33
A follow-up on your update: `Request.QueryString.ToString()` is overriden and gives a re-encoded version. `bla.aspx?a=%20b` returns then `a=+b`, while `QueryString["a"]` would return `" b"` (without quotes). Also note that `Request.RawUrl` gives the exact input GET request (often *not* including the host and protocol part) and `Request.Url.Query` gives the undecoded input querystring *including the question mark*. Altogether a bit messy perhaps, but once you know what's where... ;-)
Abel  2010-01-24 15:55:22
A: 

For your example you can change this line 

var url = "find.aspx?" + "location=" + encodeURIComponent( address );

to

var url = "find.aspx?" + "location=" + address;

and see the address as it is. Bu if address variable contains any '&' character your variable will be corrupt. So you are using encodeURIComponent to encode these things url.

On the Server side all these encoded strings are decoded back. It means encodeURIComponent is just for sending the address variable (whether it contains & character or not) to server side correctly.

Aykut  2010-01-22 07:57:43
Thanks. Can you help me find where it's documented that ASP.NET automatically unencodes the url for you (if it does)?
M Katz  2010-01-22 08:05:33
I assume: UrlDecodes is what you mean. It doesn't encode anything, you have to do that yourself for each link you create.
Abel  2010-01-22 12:49:00
+1  A: 
Abel  2010-01-22 08:08:04
Thanks for all the info. So I now understand that ASP.NET always assumes a single encode and always does a single decode for me (I would still like to see where this is documented explicitly). So then, it seems that the function Server.UrlDecode() wouldn't be used much. What are some times when you'd call this function?
M Katz  2010-01-22 08:28:41
@M Katz: Correct, UrlDecode is normally not used for decoding an incoming URL. However, sometimes an URL becomes part of the query string, which will already be encoded. It really depends on your requrements, but while I use Encode often, I don't find myself using Decode equally much. You might think of UnescapeDataString, but read this first: http://blogs.msdn.com/yangxind/default.aspx
Abel  2010-01-22 12:20:51
Follow-up: decoding is used internally already (see update). So the assumptions were correct, so far.
Abel  2010-01-22 12:49:36
@Abel: thanks for doing this research.
M Katz  2010-01-22 16:19:24
@M Katz, you're welcome. If you like the answer, consider upvoting and/or accepting it. Welcome at SO!
Abel  2010-01-24 14:30:41

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps