I'm developing a client application that needs to send the '&' character in HTTP requests as data. I DO NOT want these to be interpretted as the start of a new parameter but rather would like them passed to the application as parameter data. I realize that you need to URL encode characters with special meaning. My problem is that in .NET, when you attempt to create a URI with a %26 (the URL-encoded version of '&'), it automatically converts it back to the '&' character.
So for the following URL:
http://www.targetsite.com/application parameter1=whatever¶meter2=<script>l
ert()</script>
I need to change the '&'s in parameter2 to %26 like this:
http://www.targetsite.com/application parameter1=whatever¶meter2=%3Cscript%3E
%26%23x6C%26%23x65%26%23x72%26%23x74%26%23x28%26%23x29%3C%2F
script%3E
However, when I try to create a URI or pass the string to an HttpWebRequest .NET brings the '&'s back which looks like:
http://www.targetsite.com/application parameter1=whatever¶meter2=<script>&%23x6C
&%23x65&%23x72&%23x74&%23x28&%23x29</script>
Am I going about this the wrong way Any help would be greatly appreciated.
Thanks,
Jake
Adding URL-encoded '&'s as data in a URI parameter
Hot Topic
- [VB.net] Edit Access Database
- DataSet
- Question about List<T> and accessing a specific item
- Problem when sending email by System.Net.Mail
- NET v2 & NET v1.1.4322
- Is this a bug of ASP.Net 2.0 ? when I use relative paths in SqlXml class!
- BindingSource and BindingNavigator
- .Net connector for SAP and VS 2005
- Where to start? confused....
- Adding a reference to a Web Service in a VB6.0 batch job
.NET Development
- write xml and encoding
- Securing Connection String For SQLServer - Can it be done?
- Step into webservice from ASP.NET project - Typed Dataset parameter
- TabelAdapter/ToolBox
- How i get new ID after inserting data in table through command.ExecuteNonQuery
- I need help on embeding a database in an application
- How do I access messages in an Exchange mailbox using .NET
- TableAdapter insert/update/delete order
- crystal report dont show data .. but dataset contains data
- Remove a table from xml file using C#
Adding URL-encoded '&'s as data in a URI parameter
Tyler Sample
Thanks for looking into it. My main problem is that I need to create a URI in the first place with these values. All the URI constructors seem to unescape encoded characters. Actually I lied. I need to create an HttpWebRequest instance. However, from what I understand, when you construct this (myRequest = WebRequest.Create(http://blah.whatever.com) your string ends up as a URI, which is always going to unescape certain encoded characters. So I'm back to square one which is, how do I create an HttpWebRequest instance with %26's in the URI I've looked at AbsoluteUri as well but it's a read-only property.
So the bottom line is, I've got to be doing something fundamentally wrong. I mean, why would .NET include methods like HttpUtility.UrlEncode() that converts special characters like '&' to %26 only to unescape them when I try to put the output into a URI. My only guess is that these methods are used primarilly for responses and preventing script injection attacks. I'm trying to use them for requests because my application is actually a script injection testing tool.
RGrizzzz
dmihailescu
TasneemHasAQuestion
You can try escaping the '%' before the 26. This would change "%26" into "%2526" and may be a workaround for you.
SimpleSimon
Ok, sorry, I misunderstood what you were saying. I just did a simple Ethereal sniff and it is behaving as you said, using the AbsoluteUri property. I was mistakenly paying attention to:
Console.WriteLine(myRequest.RequestUri.ToString());
rather than
Console.WriteLine(myRequest.RequestUri.AbsoluteUri);
Thanks very much for your help.
Jake
SergeK