• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

why encode URL

 
Vasim Patel
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I understand that some characters are not safe to use in a URL without first being encoded.

I also understand that this is for security reasons.
But if the encoding rules are known as below

%20 is a space,
%3A is a : (colon)
etc..

can n user not decode the URL if he knows the encoded url?

Can someone tell me why URL encoding is used?
 
Albert M
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Vasim Patel:
I also understand that this is for security reasons.


URL encoding is generally not used to encode it for the user's eyes.

Not all characters are allowed in a url, like the space.
This is an invalid url:
http://localhost/My Testpage.jsp

To get a valid url, you have to replace the space by it's encoding:
http://localhost/My%20Testpage.jsp

Also think about parameters with characters which would cause problems:
http://localhost/show.jsp?type=bed&breakfast
Your jsp will get two parameters:
type=bed and breakfast=
instead of
type=bed&breakfast
So you have to encode the & character.

Regards,
Arjan
 
Vasim Patel
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Arjaan

Not all characters are allowed in a url, like the space.
This is an invalid url:
http://localhost/My Testpage.jsp
To get a valid url, you have to replace the space by it's encoding:
" target="_blank" rel="nofollow">http://localhost/My%20Testpage.jsp


Why do we need URLs with spaces. Can you give me a practical example.
 
Albert M
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Vasim Patel:
Why do we need URLs with spaces. Can you give me a practical example.


Normally you don't need spaces and it's best to avoid them.

But they are used sometimes, mostly by people using Microsoft Frontpage

Regards,
Arjan
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34071
331
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Vasim,
URLs with spaces (and other special charactes) often come up when you are attempting to submit a form using GET with parameters. Suppose a parameter is the user name. I could easily wind up with something like this:

I would need to encode this to get rid of the space.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17989
47
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In Servlet terms, URL encoding doesn't refer to any sort of encrytion, obfuscation or escapes sequences. It refers to the enhancement of URLs so that browsers that have cookies disabled (or old browsers that that don't support cookies) can still maintain Java Sessions.

see: Sun's web page
 
Albert M
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Tim Holloway:
In Servlet terms, URL encoding doesn't refer to any sort of encrytion, obfuscation or escapes sequences. It refers to the enhancement of URLs so that browsers that have cookies disabled (or old browsers that that don't support cookies) can still maintain Java Sessions.


However, the java.net.URLEncoder is about escaping illegal characters.

See: http://java.sun.com/j2se/1.4.2/docs/api/java/net/URLEncoder.html

Regards,
Arjan
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64618
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Whether you call it escaping or encoding is moot -- just don't call it encrypting, 'cause it's not.

The point is that special characters such as ?, & and = are used in the parsing of URLs, and if the parameter values contain these characters, the URL cannot be correctly parsed.

Encoding the URL parameters ensures that the URL can be parsed as intended.
[ August 12, 2004: Message edited by: Bear Bibeault ]
 
Peter Bell
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
e.g. if there was an & in a parameter value that would be interpreted as being the end of that parameter. Which could mess up the parsing of the other paramters. So paramter names and paramater values should always be url encoded when you are not certain of what they will contain.
 
Consider Paul's rocket mass heater.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic