Correctly Escape Apostroph in URI?

[Axel Dahmen]

Hi,

within a DataGrid control I'm using a DataTable containing a string column
to fill a Hyperlink's href attribute. Unfortunately HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding (I
don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#
HttpUtility.UrlEncode(DataBinder.Eval(Container.DataItem,"Desc").ToString())
%>'>

 

[Tim_Mac]

hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time

hope this helps
tim

 

[Axel Dahmen]

Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of
them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful
URIs.

Best regards,
Axel Dahmen



------------------

 

[Tim_Mac]

hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few punctuation
characters that doesn't get escaped with HtmlEncode. i am guessing this is
because most HTML is marked up with double quotes, instead of single quotes,
and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: ¬!"£$%^&*()_+-=[]{};'#~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#~,./&lt;&gt;?\|
these characters, UrlEncoded:
%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3c%3e%3f%5c%7c+%0d%0a%0d%0a

hth
tim

 

[Axel Dahmen]

Hi Tim,

actually I'm using UrlEncode to encode a href in a <a> element. HtmlEncode
doesn't make sense here, I'm afraid, as the receiving server doesn't
understand HTML escapes given in an URI. HtmlEncode can only be used for
Html mark-up (as the name implies).

Actually, I am already using double quotes as a workaround. The problem:
VStudio doesn't open the ASP.NET page anymore in design mode if you include
databind expressions in double quotes because they interfere with the data
field's double quotes:

href="<%# DataBinder.Eval(Container.DataItem,"Desc") %>"
^ ^ ^ ^

So I'm forced to use single quotes if I want to open the page in design
view.

Thus I'm afraid my question still remains: There must be a general function
somewhere to give me a way to correctly escape *any* character I want.
Something like the Encoding class... I need a way to get back from a byte
array to a string. For this I need to know the sequence in which to read the
byte array. It should be given from an Encoding class member function...

Regards,
Axel

hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few punctuation
characters that doesn't get escaped with HtmlEncode. i am guessing this is
because most HTML is marked up with double quotes, instead of single quotes,
and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: ¬!"£$%^&*()_+-=[]{};'#~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#~,./&lt;&gt;?\|
these characters, UrlEncoded:
%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3
c%3e%3f%5c%7c+%0d%0a%0d%0a

hth
tim

--------------------------
blog: http://tim.mackey.ie

Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of
them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful
URIs.

Best regards,
Axel Dahmen

 

[Tim_Mac]

hi Axel,
i think the best you'll get is using UrlEncode in conjunction with:
..Replace("'", "%27")see this article from someone with the same problem:
http://blog.steeleprice.net/archive/2004/07/13/365.aspx
sorry i don't have a better answer.
tim

--------------------------
blog: http://tim.mackey.ie

Hi Tim,

actually I'm using UrlEncode to encode a href in a <a> element. HtmlEncode
doesn't make sense here, I'm afraid, as the receiving server doesn't
understand HTML escapes given in an URI. HtmlEncode can only be used for
Html mark-up (as the name implies).

Actually, I am already using double quotes as a workaround. The problem:
VStudio doesn't open the ASP.NET page anymore in design mode if you
include
databind expressions in double quotes because they interfere with the data
field's double quotes:

href="<%# DataBinder.Eval(Container.DataItem,"Desc") %>"
^ ^ ^ ^

So I'm forced to use single quotes if I want to open the page in design
view.

Thus I'm afraid my question still remains: There must be a general
function
somewhere to give me a way to correctly escape *any* character I want.
Something like the Encoding class... I need a way to get back from a byte
array to a string. For this I need to know the sequence in which to read
the
byte array. It should be given from an Encoding class member function...

Regards,
Axel

hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few punctuation
characters that doesn't get escaped with HtmlEncode. i am guessing this is
because most HTML is marked up with double quotes, instead of single quotes,
and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in
Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: ¬!"£$%^&*()_+-=[]{};'#~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#~,./&lt;&gt;?\|
these characters, UrlEncoded:
%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3
c%3e%3f%5c%7c+%0d%0a%0d%0a

hth
tim

--------------------------
blog: http://tim.mackey.ie

Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of
them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful
URIs.

Best regards,
Axel Dahmen



------------------
"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

Hi,

within a DataGrid control I'm using a DataTable containing a string
column
to fill a Hyperlink's href attribute. Unfortunately
HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding
(I
don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#

HttpUtility.UrlEncode(DataBinder.Eval(Container.DataItem,"Desc").ToString())
%>'>

 

[Alan Silver]

HtmlEncode doesn't make sense here, I'm afraid, as the receiving server
doesn't understand HTML escapes given in an URI. HtmlEncode can only be
used for Html mark-up (as the name implies).

Actually, I think you need both. HTMLEncode *is* required (for valid
HTML) when putting the result in an href. If the URI to be used contains
non-standard charcaters, then you need to use UrlEncode *before*
HtmlEncode, to make sure the querystring parameters will be understood
by the receiving server.

Remember that the browser will un-HtmlEncode the contents of the href
before sending it off to the receiving server.

HTH

 

[Axel Dahmen]

Yes, I see you point. You're right on a first glimpse, but according to the
HTML spec there is no escaping necessary if the attribute value is put
within quotation marks. So the only character required to be escaped would
be the quotation mark itself. But - and this is the drawback here -
HtmlEncode doesn't escape a single quotation mark either.

I've now posted a corresponding suggestion to the Microsoft Product Feedback
Center under FDBK36356. It allows for any arbitrary character to be encoded.

Here's the short version:

" Add two new overloads to UrlEncode allowing to encode any arbitrary
character of a string given a second string or character array containing
all the characters to encode, like:

string HttpUtility.UrlEncode(string str, char[] anyof);
string HttpUtility.UrlEncode(string str, string anyof);

Given the existing UrlEncode() overloads this would yield 8 new overloads in
total.


Same for HtmlEncode(). "




----------------