如何阻止浏览器在 GET 上对表单值进行 url 编码 [英] How can I stop the browser from url-encoding form values on GET
问题描述
我有一个带有 method="get" 的表单.在表单中,我需要传递 CSS 文件的 URL,但它将其编码为 http%3A%2F%2Fwww... 等.
有没有办法在破坏文件时停止 URL 的编码.
谢谢
背景
它比第一眼想象的要微妙一些.对于作为 URI 标准的特定形式的任何 URL,某些字符是特殊的.特殊字符包括 `:`(方案分隔符)和 `/`(路径或层次结构分隔符),这里是 [RFC-2396][1] 中保留符号的完整列表:<块引用>reserved = ";"|"/" |?"|":" |"@" |"&" |=" |"+" |"$" |","
它与安全性无关,更多的是简单地遵循一个标准:这些符号在任何 URI、URL 或 URN 中都意味着一些特殊的东西.当您需要将它们用作路径或查询字符串的一部分时(GET 请求为您创建一个查询字符串),您需要对它们进行转义.转义的简短版本是:将 UTF-8 字节作为十六进制并在它们前面加上 % 符号.在保留字符的情况下,它始终是 UTF-8 中的单字节字符,因此转义为两个十六进制数字.
解决方案的路径
回到你的问题.你没有提到你使用的是什么语言.但是任何与互联网配合使用的语言都有一种编码或解码 URL 的方法.有些具有解码整个 URL 的辅助函数,但通常最好将其拆分为名称/值对,然后对其进行解码.这将为您提供所需的绝对 URL 路径.注意:最好总是解码查询值,因为当人们输入一个值时,他们不知道该值是否被保留,浏览器会为你编码.不这样做会带来安全风险.
当您需要在页面内而不是在服务器端解码时,您将需要 JavaScript 来完成这项工作.查看此页面以获取编码/解码 URL,或使用 Google 查找许多其他 URL.
I have a form with method="get". In the form I need to pass the URL of a CSS file but it is encoding it to http%3A%2F%2Fwww... etc.
Is there a way to stop the encoding of the URL as it is breaking the file.
Thanks
Background
It's a bit more subtle than one might think at first sight. For any URL, which is a specific form of the URI standard, certain characters are special. Among the special characters are `:` (scheme separator) and `/` (path or hierarchy separator), here's the full list of reserved symbols from [RFC-2396][1]:reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | ","
It has little to do with security, much more with simply following a standard: these symbols mean something special in any URI, URL or URN. When you need to use them as part of a path or a querystring (the GET request creates a query string for you), you need to escape them. The short version of escaping is: take the UTF-8 bytes as hexadecimal and precede them with a % sign. In the case of the reserved characters, that's always a single-byte character in UTF-8 and thus escaped as two hex digits.
Path to a solution
Back to your problem. You didn't mention what language you were using. But any language that works with the internet has a way of encoding or decoding URLs. Some have helper functions to decode an entire URL, but normally you are better of splitting it into a name/value pairs and then decoding it. This will give you the absolute URL-path you need.Note: it is best to always decode query values, simply because when people type in a value, they won't know whether that value is reserved, and the browser will encode it for you. Not doing so poses a security risk.
EDIT: When you need to decode within a page, not on the server side, you're going to need JavaScript to do the job. Have a look at this page for en/decoding URLs, or use Google to find many others.
这篇关于如何阻止浏览器在 GET 上对表单值进行 url 编码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
