Difference Between Url Encode and HTML Encode

Difference between Url Encode and HTML encode

HTML Encoding escapes special characters in strings used in HTML documents to prevent confusion with HTML elements like changing

"<hello>world</hello>" 

to

"&lt;hello&gt;world&lt;/hello&gt;"

URL Encoding does a similar thing for string values in a URL like changing

"hello+world = hello world"

to

"hello%2Bworld+%3D+hello+world"

Does HTMLEncode(URLEncode(string)) always = URLEncode(HTMLEncode(string))?

If you mean URLEncode like JavaScript's encodeURI function, then no, the order doesn't matter.

If you mean URLEncode like JavaScript's encodeURIComponent, then yes, the order does matter.
Small example encoding the ampersand (&):

url + html: %26amp%3B

html + url: %26

What's the difference between System.Web.HttpUtility.HtmlEncode and HttpServerUtility.UrlEncode

Well, for starters you're comparing apples to oranges. HtmlEncode deals with characters specific to the HTML language, where UrlEncode is for formatting characters that aren't valid in a URL.

They both have their uses, and by their names it should be obvious which you need to use for the problem you're trying to solve.

The Client Framework excludes those .Net features that are typically only used in server applications... of course we usually find that we need that one method which isn't included in the Client Framework to do what we need, so a lot of projects that do something creative or interesting end up targeting the full .Net Framework by the time they are finished.

Difference between + and %A0 - urlencoding?

%A0 indicates a NBSP (U+00A0). + indicates a normal space (U+0020). The NBSP displays as a replacement character (U+FFFD) because the encoding of the character does not match the encoding of the page, so its byte sequence is not valid for the page.

What is the difference between Html::encode() and just the basic html code in YII2?

Docs and source code can tell you everything.

Basically Html::encode() is just the wrapper of htmlspecialchars native PHP function:

Encodes special characters into HTML entities.

The application charset will be used for encoding.

To understand the basic difference and benefit of that, try to echo:

$string = '<script>alert(1);</script>';

echo $string;

and then:

echo Html::encode($string);

So encode is useful for filtering user-saved data. If the data comes from the developer, not from the user, you may not apply encode and HTML will be displayed as is.

Official docs:

  • Html::encode()
  • htmlspecialchars

Once something is HTML or URL encoded should it ever be decoded? Is encoding enough?

  1. It's hard to say if you're using it correctly. If you use UrlEncode when building a query string which is then output as a link in a page then yes that's correct. If you're Html Encoding when you write something out as a value then yes, that's correct (well kind of, if it's set via an HTML attribute you ought to use HtmlAttributeEncode, but they're pretty much the same.)

  2. The .NET decoders work with AntiXSS's encoded values, so there was no point in me rewriting them grin

  3. The point of encoding is that you do it when you output. So, for example, if a user has, on a form, input window.alert('Numpty!) and you just put that input raw in your output the JavaScript would run. If you encoded it first you would see < become &lt; and so on.

  4. No, SQL injection is an entirely different problem.

What is the difference between urlencode and rawurlencode?

It depends on what you are after. A main difference between them is the standard that they encode to of course, but also spaces.

urlencode encodes the same way that form data is encoded.

urlencode encodes spaces as + symbols while rawurlencode encodes them as %20.

Therefore when dealing with form data, urlencode would be preferable (as forms encode spaces as + signs too). Otherwise rawurlencode is a wiser choice in my opinion.

For example, you may want to mimic form data being submitted via a URL, you would use urlencode.

URL encode sees “&” (ampersand) as “&amp;” HTML entity

Without seeing your code, it's hard to answer other than a stab in the dark. I would guess that the string you're passing to encodeURIComponent(), which is the correct method to use, is coming from the result of accessing the innerHTML property. The solution is to get the innerText/textContent property value instead:

var str,
    el = document.getElementById("myUrl");

if ("textContent" in el)
    str = encodeURIComponent(el.textContent);
else
    str = encodeURIComponent(el.innerText);

If that isn't the case, you can use the replace() method to replace the HTML entity:

encodeURIComponent(str.replace(/&amp;/g, "&"));
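
The ordering question earlier on the page and the innerHTML pitfall in the last answer come down to the same rule: URL-encode the value for the query string, then HTML-encode the finished URL for the page. The following is an added example, not code from any of the answers above; the helper names and the example.test URL are assumptions, and the sample input is constructed.

```javascript
// Added example; htmlEncode, htmlDecode, compareOrders, buildLink and
// recoverParam are hypothetical helper names, not a library API.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const UNESCAPES = Object.fromEntries(Object.entries(ESCAPES).map(([c, e]) => [e, c]));

// Escape the characters that are significant in HTML text and attribute values.
function htmlEncode(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Reverse htmlEncode in a single pass, so "&amp;lt;" becomes "&lt;", not "<".
function htmlDecode(s) {
  return String(s).replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => UNESCAPES[e]);
}

// Apply the two encodings in both orders to show they do not commute.
function compareOrders(s) {
  return {
    htmlThenUrl: encodeURIComponent(htmlEncode(s)), // what URL-encoding innerHTML yields
    urlThenHtml: htmlEncode(encodeURIComponent(s)), // URL value, then escaped for the page
  };
}

// Build an anchor: URL-encode each name and value for the query string,
// then HTML-encode the finished URL for the href attribute context.
function buildLink(base, params, label) {
  const query = Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
  return `<a href="${htmlEncode(base + "?" + query)}">${htmlEncode(label)}</a>`;
}

// Simulate the receiving side: the browser HTML-decodes the attribute,
// then the server URL-decodes the query string.
function recoverParam(markup, name) {
  const href = /href="([^"]*)"/.exec(markup)[1];
  return new URL(htmlDecode(href)).searchParams.get(name);
}

// Constructed sample input containing both HTML and URL metacharacters.
const sample = 'Tom & Jerry <b>"1+1=2"</b>';
const link = buildLink("https://example.test/search", { q: sample, page: "2" }, sample);
console.log(compareOrders("&"));
console.log(link);
console.log(recoverParam(link, "q") === sample);
```
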

