Is there a difference between Server.UrlEncode and HttpUtility.UrlEncode?
+20
A:
HttpServerUtility.UrlEncode will use HttpUtility.UrlEncode internally. There is no specific difference. The reason for existence of Server.UrlEncode is compatibility with classic ASP.
Mehrdad Afshari
2009-03-02 15:03:07
+1
A:
The same. Server.UrlEncode() calls HttpUtility.UrlEncode();
Andrew Robinson
2009-03-02 15:05:51
+4
A:
Server.UrlEncode() is there to provide backward compatibility with Classic ASP,
Server.UrlEncode(str);
Is equivalent to:
HttpUtility.UrlEncode(str, Response.ContentEncoding);
CMS
2009-03-02 15:11:36
+11
A:
Keep in mind that you probably shouldn't be using either one of those methods. Microsoft's Anti-Cross Site Scripting Library includes replacements for HttpUtility.UrlEncode and HttpUtility.HtmlEncode that are both more standards-compliant, and more secure. As a bonus, you get a JavaScriptEncode method as well.
Joel Mueller
2009-03-02 20:56:49
+15
A:
Having had significant headaches with these methods before, I recommend you avoid any variant of UrlEncode, and instead use Uri.EscapeDataString - at least that one has a comprehensible behavior.
Let's see...
HttpUtility.UrlEncode(" ") == "+" //breaks ASP.NET when used in paths, non-
//standard, undocumented.
Uri.EscapeUriString("a?b=e") == "a?b=e" // makes sense, but rarely what you
// want, since you still need to
// escape special characters yourself
But my personal favorite has got to be HttpUtility.UrlPathEncode - this thing is really incomprehensible. It encodes:
- " " ==> "%20"
- "100% true" ==> "100%%20true" (ok, your url is broken now)
- "test A.aspx#anchor B" ==> "test%20A.aspx#anchor%20B"
- "test A.aspx?hmm#anchor B" ==> "test%20A.aspx?hmm#anchor B" (*note the difference with the previous escape sequence!*)
It also has the lovelily specific MSDN documentation "Encodes the path portion of a URL string for reliable HTTP transmission from the Web server to a client." - without actually explaining what it does. You are less likely to shoot yourself in the foot with an Uzi...
In short, stick to Uri.EscapeDataString
Eamon Nerbonne
2009-07-18 19:10:43
And unfortunately that still doesn't work when doing HTTP requests against some web servers -- Uri.EscapeDataString() doesn't encode "!" or "'", which differs from how most browser implementations of escape() work...
Chris R. Donnelly
2009-08-11 20:30:00
! and ' characters are not supposed to be encoded; but if a buggy webserver requires this, it's easy to workaround.Avoid javascript's escape function - it's inherently buggy (impossible to roundtrip, for one). See http://xkr.us/articles/javascript/encode-compare/ - but in short; you can use encodeUriComponent() instead, which behaves similarly to EscapeDataString - it predictably and reversibly encodes a string, and also does not encode ! and ' characters.
Eamon Nerbonne
2009-08-12 08:35:28
This is old, but the question got bumped to the front page, so.... The path part of a url string is the part between the domain and the ? or # in a url.
R. Bemrose
2009-12-23 14:54:08
@R. Bemrose: sure, that is the case: but it doesn't explain the behaviour of UrlPathEncode. Presumably, it should never corrupt your url (which it does, not encoding %, for instance), and in any case, if your url is already correctly delimited into components by ? and # tokens, what's the point of further encoding? If the url path contains tokens that need encoding, then it's obviously not safe to pass the entire url to the encoding function - that's an invalid and perhaps corrupted url, almost by definition. In short, the function isn't specified and its most reasonable use is impossible.
Eamon Nerbonne
2010-01-26 15:02:25