双编码 url 在 ASP.NET 中完全解码

发布于 2024-08-25 21:56:25 字数 1333 浏览 6 评论 0原文

我刚刚遇到了一些很奇怪的事情,但我还没有在互联网上找到任何提到有同样问题的其他人。

如果我使用双重编码的 url 访问 ASP.NET 应用程序,那么 Request["myQueryParam"] 将为我执行查询的双重解码。这是不可取的,因为我有充分的理由对查询字符串进行了双重编码。

其他人能否确认我没有做明显错误的事情,以及为什么会发生这种情况。一个解决方案来防止它,而不进行一些讨厌的查询字符串解析,也会很棒!

举个例子,如果你点击 url: http://localhost/MyApp?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc%2526utm_campaign%253dabc

(参考%25是%符号)

然后查看Request["originalUrl"](页面或控制器)返回的字符串是:

http://localhost/Action/Redirect?Url=/someUrl?utm_medium=abc&utm_source=abc&utm_campaign=abc

我期望:

http://localhost/ Action/Redirect?Url=%2fsomeUrl%3futm_medium%3dabc%26utm_source%3dabc%26utm_campaign%3dabc

我还检查了 Fiddler 并且 URL 正在正确传递到服务器(一个可能的罪魁祸首可能是浏览器解码发送前的 URL)。

I have just come across something that is quite strange and yet I haven't found any mention on the interwebs of others having the same problem.

If I hit my ASP.NET application with a double encoded url then the Request["myQueryParam"] will do a double decode of the query for me. This is not desirable as I have double encoded my query string for a good reason.

Can others confirm I'm not doing something obviously wrong, and why this would happen. A solution to prevent it, without doing some nasty query string parsing, would be great too!

As an example if you hit the url:
http://localhost/MyApp?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc%2526utm_campaign%253dabc

(For reference %25 is the % symbol)

Then look at the Request["originalUrl"] (page or controller) the string returned is:

http://localhost/Action/Redirect?Url=/someUrl?utm_medium=abc&utm_source=abc&utm_campaign=abc

I would expect:

http://localhost/Action/Redirect?Url=%2fsomeUrl%3futm_medium%3dabc%26utm_source%3dabc%26utm_campaign%3dabc

I have also checked in Fiddler and the URL is being passed to the server correctly (one possible culprit could have been the browser decoding the URL before sending).

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

烟若柳尘 2024-09-01 21:56:25

放心,HttpRequest 对编码参数的处理并没有被破坏。

事实上,作为超链接和从地址栏直接导航都会产生请求中的“预期”结果。

<a href="WebForm1.aspx?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc%2526utm_campaign%253dabc">HEY</a>

WebForm1.aspx?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc%2526utm_campaign%253dabc

结果:
http://localhost/Action/Redirect?Url =%2fsomeUrl%3futm_medium%3dabc%26utm_source%3dabc%26utm_campaign%3dabc

您必须事先对 URL 执行某些操作,例如重定向或填充 ASP.NET 控件的 NavigateUrl 属性并让 ASP.NET 呈现它可能在到达目标页面之前执行第一次解码。

Relax, the handling of encoded parameters by HttpRequest is not broken.

In fact, both as a hyperlink and a direct navigation from address bar result in your 'expected' result in the Request.

<a href="WebForm1.aspx?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc%2526utm_campaign%253dabc">HEY</a>

and

WebForm1.aspx?originalUrl=http%3a%2f%2flocalhost%2fAction%2fRedirect%3fUrl%3d%252fsomeUrl%253futm_medium%253dabc%2526utm_source%253dabc%2526utm_campaign%253dabc

result:
http://localhost/Action/Redirect?Url=%2fsomeUrl%3futm_medium%3dabc%26utm_source%3dabc%26utm_campaign%3dabc

You must be doing something with the URL beforehand, like redirecting or stuffing a NavigateUrl property of an asp.net control and letting asp.net render it which might be performing the first decode before it hits the target page.

两人的回忆 2024-09-01 21:56:25

我认为这与您的浏览器有关。

查看 Google 浏览器安全文档,以下浏览器会翻译非保留 %nn地址栏中的序列:MSIE7、MSIE8、FF3、Opera、Chrome。

您在哪些浏览器中测试了这个结果?

I think this has to do with your browser.

Looking at Google's Browser Security Document, the following browsers translate non-reserved %nn sequences in the address bar: MSIE7, MSIE8, FF3, Opera, Chrome.

In which browsers have you tested this outcome?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文