Html 如何阻止浏览器在 GET 上对表单值进行 url 编码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2949173/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I stop the browser from url-encoding form values on GET
提问by kristina
I have a form with method="get". In the form I need to pass the URL of a CSS file but it is encoding it to http%3A%2F%2Fwww...etc.
我有一个带有method="get". 在表单中,我需要传递 CSS 文件的 URL,但它正在将其编码为http%3A%2F%2Fwww...等。
Is there a way to stop the encoding of the URL as it is breaking the file.
有没有办法在破坏文件时停止 URL 的编码。
Thanks
谢谢
回答by Abel
Background
背景
It's a bit more subtle than one might think at first sight. For any URL, which is a specific form of the URI standard, certain characters are special. Among the special characters are :(scheme separator) and /(path or hierarchy separator), here's the full list of reserved symbols from RFC-2396:
它比第一眼想象的要微妙一些。对于作为 URI 标准的特定形式的任何 URL,某些字符是特殊的。特殊字符包括:(方案分隔符)和/(路径或层次分隔符),这里是RFC-2396中保留符号的完整列表:
reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
"$" | ","
reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
"$" | ","
It has little to do with security, much more with simply following a standard: these symbols mean something special in any URI, URL or URN. When you need to use them as part of a path or a querystring (the GET request creates a query string for you), you need to escape them. The short version of escaping is: take the UTF-8 bytes as hexadecimal and precede them with a %sign. In the case of the reserved characters, that's always a single-byte character in UTF-8 and thus escaped as two hex digits.
它与安全性无关,更多的是简单地遵循一个标准:这些符号在任何 URI、URL 或 URN 中都意味着一些特殊的东西。当您需要将它们用作路径或查询字符串的一部分(GET 请求为您创建一个查询字符串)时,您需要对它们进行转义。转义的简短版本是:将 UTF-8 字节作为十六进制并在它们前面加上一个%符号。在保留字符的情况下,它始终是 UTF-8 中的单字节字符,因此转义为两个十六进制数字。
Path to a solution
解决方法
Back to your problem. You didn't mention what language you were using. But any language that works with the internet has a way of encoding or decoding URLs. Some have helper functions to decode an entire URL, but normally you are better of splitting it into a name/value pairs and then decoding it. This will give you the absolute URL-path you need.
回到你的问题。你没有提到你使用的是什么语言。但是任何与互联网配合使用的语言都有一种编码或解码 URL 的方法。有些有帮助函数来解码整个 URL,但通常你最好将它拆分成一个名称/值对,然后解码它。这将为您提供所需的绝对 URL 路径。
Note: it is best to alwaysdecode query values, simply because when people type in a value, they won't know whether that value is reserved, and the browser will encode it for you. Not doing so poses a security risk.
注意:最好总是解码查询值,因为当人们输入一个值时,他们不知道该值是否被保留,浏览器会为你编码。不这样做会带来安全风险。
EDIT:When you need to decode within a page, not on the server side, you're going to need JavaScript to do the job. Have a look at this pagefor en/decoding URLs, or use Google to find many others.
编辑:当您需要在页面内而不是在服务器端解码时,您将需要 JavaScript 来完成这项工作。查看此页面以获取编码/解码 URL,或使用 Google 查找许多其他页面。
回答by Matti Virkkunen
No, you can't. The encoding is required to make a valid URL.
不,你不能。编码是生成有效 URL 所必需的。
Instead, decode the value in your receiving code (what platform are you on anyways, URL decoding is usually done automatically for you)
相反,解码接收代码中的值(不管你在什么平台上,URL 解码通常会自动为你完成)
回答by Salil
No for security reason you can't do this. You have to collect and decode it at the receiving end.
不,出于安全原因,您不能这样做。您必须在接收端对其进行收集和解码。
回答by crisc82
When you use FORM and GET method and some special chars, you will end up with browser encoding the resulted query. For newer browsers that support changing the URL address without refreshing the page (IE10+), is possible to decode the URL query string and update the address.
当您使用 FORM 和 GET 方法以及一些特殊字符时,您最终将使用浏览器对结果查询进行编码。对于支持在不刷新页面的情况下更改 URL 地址的较新浏览器 (IE10+),可以解码 URL 查询字符串并更新地址。
I'm using a script like this:
我正在使用这样的脚本:
<script type="text/javascript">
if (history.pushState) { //IE10+
var newurl = window.location.protocol + "//" + window.location.host + window.location.pathname + decodeURIComponent(window.location.search);
window.history.pushState({path:newurl},'',newurl);
}
</script>
This will transform a http://example.com/page.html?path=foo%2Fbarback to http://example.com/page.html?path=foo/bar
这会将http://example.com/page.html?path=foo%2Fbar转换回http://example.com/page.html?path=foo/bar
回答by Harshal Khatri
You can decode the url using javascript Function: decodeURIComponent(Url ); Because Browser encodes the Url for special characters . For example : https://www.example.comis encoded to %20https%3A%2F%2Fwww.example.com. Here the special characters are replaced by % and its ASCI value.
您可以使用 javascript 函数解码 url 函数:decodeURIComponent(Url); 因为浏览器对特殊字符的 Url 进行编码。例如: https://www.example.com被编码为%20https%3A%2F%2Fwww.example.com。此处特殊字符被 % 及其 ASCI 值替换。
回答by Yasser Gersy
If you used XMLHttpRequestyou can send text without encoding.
You can use JavaScript to do that, but remember to set content-typeto text/plain.
如果您使用过XMLHttpRequest,则无需编码即可发送文本。您可以使用 JavaScript 来做到这一点,但请记住设置content-type为text/plain.
content-type: text/plain
