All geek questions in one place

How to get QueryString from href?

I'm trying to stop the XSS attack, so I use the html agility pack to make my whitelist and script library for Microsoft Anti-Cross Site to handle the rest.

Now I am looking at the encoding of all html hrefs. I get a large line of html code that may contain hrefs. They have a URL in Accours for MS Library, but if you encode the whole URl, then it cannot be used. Therefore, in this example, they simply encode the query string

UrlEncode Invalid input used in URL (for example, value in querystring) Click Here!

http://msdn.microsoft.com/en-us/library/aa973813.aspx

So now my questions are: how can I parse href and find the query string. Is it always this? then a query string, or can it have spaces and be written differently?

Edit

These URLs will not be written by me, but by users who share them. So I need a way to make sure that I get all the query strings, not just those that are in a valid format. If it can work with an invalid format, I also have to capture them. Hackers do not care if it is a valid format or not if it is still doing what it wants.

+3
source share
3 answers

I believe this is always part after? but you can easily use the Uri class for this:

Uri uri = new Uri("http://foo.com/page.html?query");
string query = uri.Query;

What will include? myself. Of course, you can also get other bits, which may be convenient.

+5
source

,
Request.PathInfo, ?

0

Here's a W3C link regarding the composition of a URI with querystrings, which says in part:

The question mark ("?", ASCII 3F hex) is used to delimit the border between the URIs of the requested object, and the set of words used to express the request for this object.

0
source

Source: https://habr.com/ru/post/1750839/

More articles:


All Articles