MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 02 May 2006 : 03:30:17
|
Just a quick question. The function ReplaceURLs filters some characters from URLs, like for instance the ",;,+,(,),*,',> and <. I can imagine why you wouldn't want those characters in a URL, because of XSS attacks etc., but I'm a bit confused about the + sign. Is it so dangerous to allow the + to be used in a URL?
It's giving some headaches when users want to post a URL that uses it. If they post it as a normal URL, it works: http://www.somewebsite.com/page.php?name=john+doe&otherparam=somethingelse
When encapsulating that same URL in the URL tags, the + is removed, thus breaking the URL.
Within the url tags: http://www.somewebsite.com/page.php?name=john doe&otherparam=somethingelse
Within the url="" tags: testing.
Edited by - MarcelG on 02 May 2006 03:30:58 |
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 02 May 2006 : 03:58:11
|
It is to prevent people posting JavaScript functions in the URLs. If it causes you a problem then just remove the check for + from your code.
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 02 May 2006 : 11:01:54
|
Is it possible to use html entities in javascript? For example, would this:
if (x == y &amp;&amp; y == z) {stuff here;}
Work for this:
if (x == y && y == z) {stuff here;}
My guess is that it wouldn't. Since the "&amp;" is an html reference, and the "&" needs to be a literal character in javascript, I would assume that the first function wouldn't work at all. If that's the case, rather than filter symbols out of URLs, you could convert them to their html entity reference. These work just fine when used in URLs, but will probably still prevent the javascript from being included.
Here is a link to an entity reference list at W3Schools.
Bill Parrott Senior Web Programmer, University of Kansas Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com) Personal Website (www.chimericdream.com) |
Edited by - muzishun on 02 May 2006 11:03:11 |
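As an added illustration (not Snitz code and not part of any post in this thread), the JavaScript below contrasts a character-stripping filter modelled on the behaviour described in the first post with a hypothetical alternative that allow-lists the URL scheme and HTML-escapes the link on output. The names stripFilter, escapeAttr and renderLink are assumptions, and the test inputs are constructed.

```javascript
// Added example. stripFilter is a model of the filtering described in the
// thread, not the forum's actual ReplaceURLs code.
const STRIPPED = /[";+()*'<>]/g; // the characters listed in the first post

function stripFilter(url) {
  // Deleting characters defangs script calls but also corrupts valid URLs.
  return url.replace(STRIPPED, "");
}

const ENTITIES = {
  "&": "&amp;", '"': "&quot;", "'": "&#39;", "<": "&lt;", ">": "&gt;",
};

// Escape a string for use inside a double-quoted HTML attribute or text node.
function escapeAttr(s) {
  return s.replace(/[&"'<>]/g, (c) => ENTITIES[c]);
}

// Hypothetical alternative: decide on the parsed scheme, then encode on output.
// Returns the anchor markup, or null when the URL is rejected.
function renderLink(url) {
  let parsed;
  try {
    // The URL parser drops embedded tabs/newlines and surrounding whitespace,
    // so a disguised scheme is normalised before the check below.
    parsed = new URL(url);
  } catch {
    return null; // not an absolute URL
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return null; // javascript:, data:, vbscript: and anything else
  }
  const href = escapeAttr(parsed.href);
  return `<a href="${href}" rel="nofollow">${href}</a>`;
}
```

With this approach the + in the query string reaches the page unchanged, and only the markup-significant characters are turned into entities at the point of output.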
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 02 May 2006 : 11:19:59
|
I don't know... I had some problems a while back with URLs that had "&amp;" instead of a literal "&" - some of the querystring values weren't getting passed right. It could have just been a fluke, but I'd do some testing first...
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 02 May 2006 : 11:23:59
|
& amp; does not work in a url instead of &
Edited by - HuwR on 02 May 2006 11:24:52 |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 02 May 2006 : 11:43:21
|
quote: Originally posted by HuwR
& amp; does not work in a url instead of &
I thought so. I was just thinking about what muzishun posted...
quote: Originally posted by muzishun
My guess is that it wouldn't. Since the "&amp;" is an html reference, and the "&" needs to be a literal character in javascript, I would assume that the first function wouldn't work at all. If that's the case, rather than filter symbols out of URLs, you could convert them to their html entity reference. These work just fine when used in URLs, but will probably still prevent the javascript from being included.
|
|
muzishun
Senior Member
United States
1079 Posts |