如何阻止浏览器对 GET 上的表单值进行 url 编码

发布于 2024-09-04 10:47:45 字数 156 浏览 6 评论 0原文

我有一个带有 method="get" 的表单。在表单中,我需要传递 CSS 文件的 URL,但它正在将其编码为 http%3A%2F%2Fwww... 等。

有没有办法停止 URL 的编码:它正在破坏文件。

谢谢

I have a form with method="get". In the form I need to pass the URL of a CSS file but it is encoding it to http%3A%2F%2Fwww... etc.

Is there a way to stop the encoding of the URL as it is breaking the file.

Thanks

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

最冷一天 2024-09-11 10:47:45

背景

It's a bit more subtle than one might think at first sight. For any URL, which is a specific form of the URI standard, certain characters are special. Among the special characters are `:` (scheme separator) and `/` (path or hierarchy separator), here's the full list of reserved symbols from [RFC-2396][1]:

保留=“;” | “/”| “?” | “:”| “@” | “&” | “=” | “+”|
              “$” | “,”

它与安全性关系不大,更多的是简单地遵循一个标准:这些符号在任何 URI、URL 或 URN 中都意味着特殊的东西。当您需要将它们用作路径或查询字符串的一部分(GET 请求为您创建查询字符串)时,您需要对它们进行转义。转义的简短版本是:将 UTF-8 字节视为十六进制,并在它们前面加上 % 符号。对于保留字符,它始终是 UTF-8 中的单字节字符,因此转义为两个十六进制数字。

解决方案路径

Back to your problem. You didn't mention what language you were using. But any language that works with the internet has a way of encoding or decoding URLs. Some have helper functions to decode an entire URL, but normally you are better of splitting it into a name/value pairs and then decoding it. This will give you the absolute URL-path you need.

注意:最好始终对查询值进行解码,因为当人们输入一个值时,他们不知道该值是否被保留,浏览器会为您对其进行编码。不这样做会带来安全风险。

编辑:当您需要在页面内而不是在服务器端进行解码时,您将需要 JavaScript 来完成这项工作。请查看此页面以获取 en/decoding 网址,或者使用 Google 查找更多其他网址。

Background

It's a bit more subtle than one might think at first sight. For any URL, which is a specific form of the URI standard, certain characters are special. Among the special characters are `:` (scheme separator) and `/` (path or hierarchy separator), here's the full list of reserved symbols from [RFC-2396][1]:

reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
              "$" | ","

It has little to do with security, much more with simply following a standard: these symbols mean something special in any URI, URL or URN. When you need to use them as part of a path or a querystring (the GET request creates a query string for you), you need to escape them. The short version of escaping is: take the UTF-8 bytes as hexadecimal and precede them with a % sign. In the case of the reserved characters, that's always a single-byte character in UTF-8 and thus escaped as two hex digits.

Path to a solution

Back to your problem. You didn't mention what language you were using. But any language that works with the internet has a way of encoding or decoding URLs. Some have helper functions to decode an entire URL, but normally you are better of splitting it into a name/value pairs and then decoding it. This will give you the absolute URL-path you need.

Note: it is best to always decode query values, simply because when people type in a value, they won't know whether that value is reserved, and the browser will encode it for you. Not doing so poses a security risk.

EDIT: When you need to decode within a page, not on the server side, you're going to need JavaScript to do the job. Have a look at this page for en/decoding URLs, or use Google to find many others.

深爱成瘾 2024-09-11 10:47:45

不,你不能。需要进行编码才能生成有效的 URL。

相反,解码接收代码中的值(无论如何,您在什么平台上,URL 解码通常会自动为您完成)

No, you can't. The encoding is required to make a valid URL.

Instead, decode the value in your receiving code (what platform are you on anyways, URL decoding is usually done automatically for you)

何其悲哀 2024-09-11 10:47:45

如果您使用 XMLHttpRequest 您可以发送文本而无需编码。
您可以使用 JavaScript 来执行此操作,但请记住将 content-type 设置为 text/plain

content-type: text/plain

If you used XMLHttpRequest you can send text without encoding.
You can use JavaScript to do that, but remember to set content-type to text/plain.

content-type: text/plain
过潦 2024-09-11 10:47:45

不,出于安全原因,您不能这样做。您必须在接收端收集并解码它。

No for security reason you can't do this. You have to collect and decode it at the receiving end.

秋意浓 2024-09-11 10:47:45

当您使用 FORM 和 GET 方法以及一些特殊字符时,您最终将得到浏览器对结果查询进行编码的结果。
对于支持在不刷新页面的情况下更改 URL 地址的较新浏览器 (IE10+),可以解码 URL 查询字符串并更新地址。

我正在使用这样的脚本:

    <script type="text/javascript">
    if (history.pushState) { //IE10+
        var newurl = window.location.protocol + "//" + window.location.host + window.location.pathname + decodeURIComponent(window.location.search);
        window.history.pushState({path:newurl},'',newurl);
    }
    </script>

这将转换 http://example.com/ page.html?path=foo%2Fbar 返回到 http://example. com/page.html?path=foo/bar

When you use FORM and GET method and some special chars, you will end up with browser encoding the resulted query.
For newer browsers that support changing the URL address without refreshing the page (IE10+), is possible to decode the URL query string and update the address.

I'm using a script like this:

    <script type="text/javascript">
    if (history.pushState) { //IE10+
        var newurl = window.location.protocol + "//" + window.location.host + window.location.pathname + decodeURIComponent(window.location.search);
        window.history.pushState({path:newurl},'',newurl);
    }
    </script>

This will transform a http://example.com/page.html?path=foo%2Fbar back to http://example.com/page.html?path=foo/bar

走走停停 2024-09-11 10:47:45

您可以使用 javascript 函数解码 url:decodeURIComponent(Url );
因为浏览器对 Url 进行了特殊字符编码。例如: https://www.example.com 编码为 %20https%3A%2F %2Fwww.example.com。这里的特殊字符被替换为 % 及其 ASCI 值。

You can decode the url using javascript Function: decodeURIComponent(Url );
Because Browser encodes the Url for special characters . For example : https://www.example.com is encoded to %20https%3A%2F%2Fwww.example.com. Here the special characters are replaced by % and its ASCI value.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文