Url encoded slash in url

Question

Url encoded slash in url

My map:

routes.MapRoute( "Default", // Route name "{controller}/{action}/{id}", // URL with params new { controller = "Home", action = "Index", id = "" } // Param defaults );

If I use the URL http://localhost:5000/Home/About/100%2f200 , then there is no corresponding route. I change the url to http://localhost:5000/Home/About/100 , after which the route maps again.

Is there an easy way to work with parameters containing slashes? Other escape values (space %20 ) seem to work.

EDIT:

For coding, Base64 works for me. This makes the URL ugly, but OK for now.

 public class UrlEncoder { public string URLDecode(string decode) { if (decode == null) return null; if (decode.StartsWith("=")) { return FromBase64(decode.TrimStart('=')); } else { return HttpUtility.UrlDecode( decode) ; } } public string UrlEncode(string encode) { if (encode == null) return null; string encoded = HttpUtility.PathEncode(encode); if (encoded.Replace("%20", "") == encode.Replace(" ", "")) { return encoded; } else { return "=" + ToBase64(encode); } } public string ToBase64(string encode) { Byte[] btByteArray = null; UTF8Encoding encoding = new UTF8Encoding(); btByteArray = encoding.GetBytes(encode); string sResult = System.Convert.ToBase64String(btByteArray, 0, btByteArray.Length); sResult = sResult.Replace("+", "-").Replace("/", "_"); return sResult; } public string FromBase64(string decode) { decode = decode.Replace("-", "+").Replace("_", "/"); UTF8Encoding encoding = new UTF8Encoding(); return encoding.GetString(Convert.FromBase64String(decode)); } }

EDIT1:

In the end, it turned out that the best way is to save a nicely formed string for each item I need to select. This is much better, because now I only encode values and never decrypt them. All special characters become "-". Many of my db tables now have an extra "url" column. The data is pretty stable, which is why I can go this route. I can even check if the data in the "URL" is unique.

EDIT2:

Also watch out for the space character. It looks fine on a VS-integrated web server, but different from iis7. Correct url encodes a space character

+55

c # asp.net-mvc urlencode asp.net-mvc-routing

Mathias F Feb 26 '09 at 17:58

source share

10 answers

Mehrdad Afshari · Answer 1 · 2009-02-26 18:01

If this is only your last parameter, you can do:

 routes.MapRoute( "Default", // Route name "{controller}/{action}/{*id}", // URL with parameters new { controller = "Home", action = "Index", id = "" }); // Parameter defaults

Andrew Arnott · Answer 2 · 2009-11-16 23:00

In .NET 4.0 beta 2, the CLR team proposed a workaround.

Add this to your web.config file:

 <uri> <schemeSettings> <add name="http" genericUriParserOptions="DontUnescapePathDotsAndSlashes" /> </schemeSettings> </uri>

This leads to the fact that the Uri class behaves in accordance with the RFC describing the URI, allowing slash screens to escape on the way without being uneconomical. The CLR team reports that they deviate from the specification for security reasons, and setting this in your .config file basically forces you to take responsibility for additional security considerations related to not breaking the slash.

Don Rolling · Answer 3 · 2011-03-09 16:06

Here is a simple explanation of the solution and a summation of what has already been said.

Request Party:

UrlEncode is your way.
Change to '!'.
Make a request.

Answer Side:

Replace '!' from '%'.
UrlDecode is your way.
Use the parameters as they were intended.

Rinse, repeat, enjoy.

Jon Galloway · Answer 4 · 2009-11-14 18:15

Another option is to use the querystring value. Very lame, but simpler than custom encoding.

 http://localhost:5000/Home/About?100%2f200

simonox · Answer 5 · 2010-09-28 07:38

The same goes for Java / Tomcat.

There is still a problem if you have encoded "/" (% 2F) in your url.

RFC 3986 - Section 2.2 says: "If the data for the URI component conflicts with the reserved character assignment as a delimiter, then the conflicting data must be encoded before the URI is encoded." (RFC 3986 - Section 2.2)

But there is a problem with Tomcat:

http://tomcat.apache.org/security-6.html - Fixed in Apache Tomcat 6.0.10
important: Bypassing the CVE-2007-0450 directory
Tomcat allows '\', '% 2F' and '% 5C' [...].
The following Java system properties were added to Tomcat for additional control over the processing of route separators in URLs (both defaults to false):
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH: true | Lying
org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH: true | Lying
Due to the inability to guarantee that all URLs are processed by Tomcat as they are in proxies, Tomcat should always be protected, as if there is no limited access to context b.
Affects: 6.0.0-6.0.9

So, if you have a URL with the% 2F character, Tomcat returns: "400 Invalid URI: noSlash"

You can enable the patch in the Tomcat startup script:

 set JAVA_OPTS=%JAVA_OPTS% %LOGGING_CONFIG% -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

silentnoise · Answer 6 · 2016-03-16 17:15

You can avoid the double encoding / decoding suggestions described above and just use the HttpServerUtility.UrlTokenEncode and the corresponding UrlTokenDecode.

BillB · Answer 7 · 2009-11-21 19:44

This is interesting about .NET 4. In any case, this link describes RFC 1738 and includes which characters need to be encoded and which are simply "unsafe." link text

If I need an SEO friendly URL (for example, if you want to post the forum topic in the URL), skip the encoding and replace anything that is not AZ, az, 0-9.

 public static string CreateSubjectSEO(string str) { int ci; char[] arr = str.ToCharArray(); for (int i = 0; i < arr.Length; i++) { ci = Convert.ToInt32(arr[i]); if (!((ci > 47 && ci < 58) || (ci > 64 && ci < 91) || (ci > 96 && ci < 123))) { arr[i] = '-'; } } return new string(arr); }

user11406534 · Answer 8 · 2019-04-24 16:28

For the incoming encoded problem "/" I was able to fix my problem by adding "*" to intercept the id parameter, and then I could correctly pass the encoded "/" to the control (the parameter was a string encoded with '/')

 routes.MapRoute( name: "Default", url: "{controller}/{action}/{*id}", defaults: new { controller = "Control", action = "Action", id = UrlParameter.Optional })

Frosty Z · Answer 9 · 2011-08-30 10:05

As suggested here , when a problem arose with Symfony 1.x developers (+ suggested in PHP Comments for urlencode() ):

Encode '/' to '% 2F' before urlencode()
Decode '% 2F' before '/' after (if necessary) urldecode()

Note: you can use rawurlencode() , but you still have to specify '/' twice.

Benefits:

Avoids the need for additional screening processes (if you replace "/" with a special character like "!" Or "_")
Do not rely on any server settings such as AllowEncodedSlashes for Apache

shijas km · Answer 10 · 2012-06-22 07:23

Just use Server.UrlDecode . It will work, I tested.

Url encoded slash in url

More articles: