Should I url encode the URL query string parameter?

Say I have the following URL, which has a query string parameter that is itself a URL:

http://www.someSite.com?next=http://www.anotherSite.com?test=1&test=2

Should I encode the next parameter? If I do, who is responsible for decoding it: the web browser or my web application?

I ask because I see a lot of great sites that do things like the following:

http://www.someSite.com?next=http://www.anotherSite.com/another/url

In the above, they are not worried about encoding the next parameter, because I assume they know that it has no parameters for the query string itself. Is it ok to do this if my next URL also does not contain any query string parameters?

+6
1 answer

RFC 2396 sec 2.2 states that you must URL-encode these characters anywhere they are not used for their explicit meanings; i.e. you should always form targetUrl + '?next=' + urlencode(nextURL).

The web browser does not "decode" these parameters at all; the browser knows nothing about the parameters, it simply passes the string along. A URL of the form http://www.example.com/path/to/query?param1=value&param2=value2 is requested by the browser with GET as:

    GET /path/to/query?param1=value&param2=value2 HTTP/1.1
    Host: www.example.com
    (other headers follow)

On the backend you will need to parse the results. I think PHP's $_REQUEST has already done this for you; in other languages you will want to split at the first ? character, then split on & characters, then split each piece at the first = character, then urldecode both the name and the value.

+6
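
Added example, not part of the original question or answer: the question's URL run through the split-and-decode procedure the answer describes, once with next left unencoded and once encoded. parseQuery and buildRedirectLink are hypothetical helper names, and encodeURIComponent stands in for the answer's urlencode().

```javascript
// Server-side parsing as the answer describes: split at the first '?',
// then on '&', then each pair at the first '=', then decode name and value.
function parseQuery(url) {
  const q = url.indexOf('?');
  const params = [];
  if (q === -1) return params;
  const query = url.slice(q + 1).split('#')[0]; // drop any fragment
  // Form encoding writes a space as '+'; convert before percent-decoding.
  // decodeURIComponent throws URIError on a malformed %-sequence; a real
  // handler should treat that as a bad request.
  const dec = (s) => decodeURIComponent(s.replace(/\+/g, ' '));
  for (const pair of query.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const rawName = eq === -1 ? pair : pair.slice(0, eq);
    const rawValue = eq === -1 ? '' : pair.slice(eq + 1);
    params.push([dec(rawName), dec(rawValue)]);
  }
  return params;
}

// Always encode the nested URL before appending it as a parameter value.
function buildRedirectLink(targetUrl, nextUrl) {
  return targetUrl + '?next=' + encodeURIComponent(nextUrl);
}

// The URLs from the question.
const nextUrl = 'http://www.anotherSite.com?test=1&test=2';

// Unencoded: the '&' inside next is read as a separator of the OUTER query,
// so next is truncated and test=2 becomes a parameter of someSite.com.
const rawLink = 'http://www.someSite.com?next=' + nextUrl;
const rawParams = parseQuery(rawLink);

// Encoded: next survives intact and decodes back to the original URL.
const safeLink = buildRedirectLink('http://www.someSite.com', nextUrl);
const safeParams = parseQuery(safeLink);

console.log(rawParams);
console.log(safeLink);
console.log(safeParams);
```

The browser sends either link's query string to the server as written; only the server-side decode step turns %26 back into & inside the value.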

Source: https://habr.com/ru/post/975669/

