Geek Answers Handbook

How to leave URLs unbound in ASP.NET MVC?

I noticed that the return URL in Stackoverflow's I / O links is not escaped, but when I try to add a path as a parameter to the route that it slipped away.

So / login? returnurl = / questions / ask shows / login? returnurl =% 2fquestions% 2fask and this is kind of ugly. How can I make it not shy away from returnurl value?

Here is what I do in the code:

Html.ActionLink("Login", "Login", "Account", new { returnurl=Request.Path }, null)
+7
asp.net-mvc urlencode routes
source share
5 answers

I understand one of the comments about coding occurring for a reason; it will be only an exception, not a rule.

Here's what I put together, how can I improve it?

  public static string ActionLinkNoEscape(this HtmlHelper html, string linkText, string actionName, string controllerName, object values, object htmlAttributes) { RouteValueDictionary routeValues = new RouteValueDictionary(values); RouteValueDictionary htmlValues = new RouteValueDictionary(htmlAttributes); UrlHelper urlHelper = new UrlHelper(html.ViewContext.RequestContext, RouteTable.Routes); string url = urlHelper.Action(actionName, controllerName); url += "?"; List<string> paramList = new List<string>(); foreach (KeyValuePair<string, object> pair in routeValues) { object value = pair.Value ?? ""; paramList.Add(String.Concat(pair.Key, "=", Convert.ToString(value, CultureInfo.InvariantCulture))); } url += String.Join("&", paramList.ToArray()); TagBuilder builder = new TagBuilder("a"); builder.InnerHtml = string.IsNullOrEmpty(linkText) ? "" : HttpUtility.HtmlEncode(linkText); builder.MergeAttributes<string, object>(htmlValues); builder.MergeAttribute("href", url); return builder.ToString(TagRenderMode.Normal); }
+1
source share

How can I make it not run away returnurl value

How about this?

 var url = Url.Action("Login", "Account", new {returnurl = Request.Path}); var unEncodedUrl = HttpUtility.UrlDecode(url); Response.Write("<a href='" + unEncodedUrl + "'>...</a>");

Make sure that what you want URL encoding has its purpose.

+6
source share

The parameter is not canceled. You will see the url:

 http://stackoverflow.com/users/login?returnurl=%2fquestions%2fask

really works - SO reads and cancels this parameter as usual. If you want to include other characters outside the bounds, such as the '&' in the parameter, you still have to avoid them.

The trick is that the "/" character, in particular, does not have to be% -shielded in the query parameters. It must be escaped in other contexts, for example, in part of the path, so URLEncode always encodes it to be safe.

If you just want the URL to look prettier, just avoid the parameter as usual (which you should do to avoid all other characters that need to be processed correctly), and then replace the string with "% 2f" with "% 2f" , / '.

+1
source share

My solution to a similar problem was to write my own extension. After digging in the code, I could not find a way to do it differently. It might look like this.

 public static class HtmlHelperExtensions { public static string LoginLinkWithReturnUrl( this HtmlHelper helper, string linkText, string action, string controller, string returnUrl, object htmlAttributes ) { TagBuilder builder = new TagBuilder("a"); builder.Attributes.Add( "href", string.Format( "/{0}/{1}?returnurl={2}", controller, action, returnUrl ) ); var attrDict = new RouteValueDictionary( htmlAttributes ); builder.MergeAttributes( attrDict ); builder.InnerHtml = linkText; return builder.ToString(); } }

I think I had the same problem as when using UrlHelper, so I went using the string.Format mechanism. YMMV.

0
source share

I do not believe that around him there is a way that is built into the framework. The actual construction of the URL occurs in the System.Web.Routing.ParsedRoute.Bind method, and there are no conditions used to prevent escaping.

The extension method seems to be a way, but one that is a little more stable than the previous one.

0
source share

More articles:


All Articles