wood burning stoves 2.0*
The moose likes Servlets and the fly likes why encode URL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "why encode URL" Watch "why encode URL" New topic
Author

why encode URL

Vasim Patel
Ranch Hand

Joined: Apr 29, 2004
Posts: 87
Hi,

I understand that some characters are not safe to use in a URL without first being encoded.

I also understand that this is for security reasons.
But if the encoding rules are known as below

%20 is a space,
%3A is a : (colon)
etc..

can n user not decode the URL if he knows the encoded url?

Can someone tell me why URL encoding is used?
Albert M
Greenhorn

Joined: Aug 04, 2004
Posts: 5
Originally posted by Vasim Patel:
I also understand that this is for security reasons.


URL encoding is generally not used to encode it for the user's eyes.

Not all characters are allowed in a url, like the space.
This is an invalid url:
http://localhost/My Testpage.jsp

To get a valid url, you have to replace the space by it's encoding:
http://localhost/My%20Testpage.jsp

Also think about parameters with characters which would cause problems:
http://localhost/show.jsp?type=bed&breakfast
Your jsp will get two parameters:
type=bed and breakfast=
instead of
type=bed&breakfast
So you have to encode the & character.

Regards,
Arjan
Vasim Patel
Ranch Hand

Joined: Apr 29, 2004
Posts: 87
Thanks Arjaan

Not all characters are allowed in a url, like the space.
This is an invalid url:
http://localhost/My Testpage.jsp
To get a valid url, you have to replace the space by it's encoding:
" target="_blank" rel="nofollow">http://localhost/My%20Testpage.jsp


Why do we need URLs with spaces. Can you give me a practical example.
Albert M
Greenhorn

Joined: Aug 04, 2004
Posts: 5
Originally posted by Vasim Patel:
Why do we need URLs with spaces. Can you give me a practical example.


Normally you don't need spaces and it's best to avoid them.

But they are used sometimes, mostly by people using Microsoft Frontpage

Regards,
Arjan
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30512
    
150

Vasim,
URLs with spaces (and other special charactes) often come up when you are attempting to submit a form using GET with parameters. Suppose a parameter is the user name. I could easily wind up with something like this:

I would need to encode this to get rid of the space.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16055
    
  21

In Servlet terms, URL encoding doesn't refer to any sort of encrytion, obfuscation or escapes sequences. It refers to the enhancement of URLs so that browsers that have cookies disabled (or old browsers that that don't support cookies) can still maintain Java Sessions.

see: Sun's web page


Customer surveys are for companies who didn't pay proper attention to begin with.
Albert M
Greenhorn

Joined: Aug 04, 2004
Posts: 5
Originally posted by Tim Holloway:
In Servlet terms, URL encoding doesn't refer to any sort of encrytion, obfuscation or escapes sequences. It refers to the enhancement of URLs so that browsers that have cookies disabled (or old browsers that that don't support cookies) can still maintain Java Sessions.


However, the java.net.URLEncoder is about escaping illegal characters.

See: http://java.sun.com/j2se/1.4.2/docs/api/java/net/URLEncoder.html

Regards,
Arjan
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61198
    
  66

Whether you call it escaping or encoding is moot -- just don't call it encrypting, 'cause it's not.

The point is that special characters such as ?, & and = are used in the parsing of URLs, and if the parameter values contain these characters, the URL cannot be correctly parsed.

Encoding the URL parameters ensures that the URL can be parsed as intended.
[ August 12, 2004: Message edited by: Bear Bibeault ]

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Peter Bell
Greenhorn

Joined: Mar 25, 2003
Posts: 19
e.g. if there was an & in a parameter value that would be interpreted as being the end of that parameter. Which could mess up the parsing of the other paramters. So paramter names and paramater values should always be url encoded when you are not certain of what they will contain.


RimuHosting - JSP and Java Hosting
 
Don't get me started about those stupid light bulbs.
 
subject: why encode URL