Double-encoded URL is completely decoded in ASP.NET
I have just come across something that is quite strange and yet I haven't found any mention on the interwebs of others having the same problem.
If I hit my ASP.NET application with a double encoded URL then the Request["myQueryParam"] will do a double decode of the query for me. This is not desirable as I have double encoded my query string for a good reason.
Can others confirm I'm not doing something obviously wrong, and why this would happen? A solution to prevent it, without doing some nasty query string parsing, would be great too!
As an example if you hit the url:
http://localhost/MyApp?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc%2526utm_campaign%253dabc
(For reference %25 is the % symbol)
Then look at the Request["originalUrl"] (page or controller) the string returned is:
http://localhost/Action/Redirect?Url=/someUrl?utm_medium=abc&utm_source=abc&utm_campaign=abc
I would expect:
I have also checked in Fiddler and the URL is being passed to the server correctly (one possible culprit could have been the browser decoding the URL before sending).
Comments (2)
Relax, the handling of encoded parameters by HttpRequest is not broken.
In fact, both as a hyperlink and a direct navigation from address bar result in your 'expected' result in the Request.
and
result:
http://localhost/Action/Redirect?Url=%2fsomeUrl%3futm_medium%3dabc%26utm_source%3dabc%26utm_campaign%3dabc
You must be doing something with the URL beforehand, like redirecting or stuffing a NavigateUrl property of an asp.net control and letting asp.net render it which might be performing the first decode before it hits the target page.
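The difference between one and two decode passes over the URL from the question, as an added example that is not code from the thread. One pass yields the string this answer reports, a second pass yields the string the question reports. The class name and the EncodingLayers helper are hypothetical; HttpUtility comes from System.Web (built in on .NET Core / .NET 5+).

```csharp
using System;
using System.Web;

static class DecodePassDemo
{
    // The double-encoded request URL quoted in the question.
    const string RequestUrl =
        "http://localhost/MyApp?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect" +
        "%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc" +
        "%2526utm_campaign%253dabc";

    // Hypothetical diagnostic: how many UrlDecode passes change the value.
    // UrlDecode also turns '+' into a space, so a literal '+' counts as a layer.
    static int EncodingLayers(string value, int max = 5)
    {
        int layers = 0;
        while (layers < max)
        {
            string next = HttpUtility.UrlDecode(value);
            if (next == value) break;   // stable: nothing left to decode
            value = next;
            layers++;
        }
        return layers;
    }

    static void Main()
    {
        // Take the query string as sent on the wire, without normalising it.
        string query = RequestUrl.Substring(RequestUrl.IndexOf('?') + 1);
        string raw = query.Substring(query.IndexOf('=') + 1);

        // Pass 1: a single query-string parse, decoding each value once.
        string once = HttpUtility.ParseQueryString(query)["originalUrl"];
        // Pass 2: decoding the already-decoded value again.
        string twice = HttpUtility.UrlDecode(once);

        Console.WriteLine("raw value layers : " + EncodingLayers(raw));
        Console.WriteLine("after 1 pass     : " + once);
        Console.WriteLine("layers remaining : " + EncodingLayers(once));
        Console.WriteLine("after 2 passes   : " + twice);
        Console.WriteLine("layers remaining : " + EncodingLayers(twice));
    }
}
```

Running the same count over the raw query string the target page actually receives (for example from Request.RawUrl) shows whether a layer was already removed upstream, such as by a redirect or a rendered control.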
I think this has to do with your browser.
Looking at Google's Browser Security Document, the following browsers translate non-reserved %nn sequences in the address bar: MSIE7, MSIE8, FF3, Opera, Chrome.
In which browsers have you tested this outcome?