73

I have a Silverlight application that is building a URL. This URL is a call to a REST-based service. This service expects a single parameter that represents a location. The location is in the form of "city, state". To build this URL, I'm calling the following code:

string url = "http://www.example.com/myService.svc/";
url += HttpUtility.UrlEncode(locationTextBox.Text);

If a user enters "chicago, il" into locationTextBox, the result looks like this:

http://www.example.com/myService.svc/chicago%2c+il

In reality though, I was kind of expecting the URL to look like;

http://www.example.com/myService.svc/chicago,%20il

When testing my service via the browser URL, the one I am expecting works. However, the URL that is being generated is not working. What am I doing wrong?

Improve this question

4 Answers 4

Reset to default
109

I would recommend Uri.EscapeDataString instead of using HttpUtility functions. See discussion in Server.UrlEncode vs. HttpUtility.UrlEncode.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I tried this and still got the error for '#' character. Pls see my question here: stackoverflow.com/questions/31699335/…
8

Try to use the UrlPathEncode() method. View the remarks at: http://msdn.microsoft.com/en-us/library/h10z5byc.aspx

Quote:

You can encode a URL using with the UrlEncode() method or the UrlPathEncode() method. However, the methods return different results. The UrlEncode() method converts each space character to a plus character (+). The UrlPathEncode() method converts each space character into the string "%20", which represents a space in hexadecimal notation. Use the UrlPathEncode() method when you encode the path portion of a URL in order to guarantee a consistent decoded URL, regardless of which platform or browser performs the decoding.

Improve this answer

Comments

7

Since there isn't an example that actually uses Uri.EscapeDataString, I'll add mine.

using System;

var email = "[email protected]";
var url = $"https://api.domain.com/send-email?email={Uri.EscapeDataString(email)}";

In ASP.NET Core 8+, you can also QueryHelpers.AddQueryString which uses UrlEncoder.Default.Encode under the hood.

using Microsoft.AspNetCore.WebUtilities;
KeyValuePair<string, string?>[] queryString = [new("email", "[email protected]")];
QueryHelpers.AddQueryString("https://api.domain.com/send-email", queryString)
Improve this answer

Comments

0

The safest bet is to use the AntiXss library. It has more standard (and secure) versions for encoding contents to various purposes (like Url encodes, Html and HtmlAttribute encodes, and more). there's the old 3.1 version available for download from MS site (http://www.microsoft.com/downloads/details.aspx?FamilyId=051ee83c-5ccf-48ed-8463-02f56a6bfc09), which will work with older .NET versions, and the new one at http://wpl.codeplex.com/

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.