Difference between Url Encode and HTML encode
HTML Encoding escapes special characters in strings used in HTML documents to prevent confusion with HTML elements like changing
"<hello>world</hello>"
to
"<hello>world</hello>"
URL Encoding does a similar thing for string values in a URL like changing
"hello+world = hello world"
to
"hello%2Bworld+%3D+hello+world"
does HTMLEncode(URLEncode(string)) always = URLEncode(HTMLEncode(string))?
If you mean URLEncode like JavaScript's encodeURI function then no the order doesn't matter.
If you mean URLEncode like JavaScript's encodeURIComponent then yes the order does matter.
Small example encoding the ampersand (&)
url + html: %26amp%3B
html + url: %26
What's the difference between System.Web.HttpUtility.HtmlEncode and HttpServerUtility.UrlEncode
Well, for starters you're comparing apples to oranges. HtmlEncode
deals with characters specific to the HTML language, where UrlEncode
is for formatting characters that aren't valid in a URL.
They both have their uses, and by their names it should be obvious which you need to use for the problem you're trying to solve.
The Client Framework excludes those .Net features that are typically only used in server applications...of course we usually find that we need that one method which isn't included in the Client Framework to do what we need, so alot of projects that do something creative or interesting end up targeting the full .Net Framework by the time they are finished.
Difference between + and %A0 - urlencoding?
%A0
indicates a NBSP (U+00A0). +
indicates a normal space (U+0020). The NBSP displays as a replacement character (U+FFFD) because the encoding of the character does not match the encoding of the page, so its byte sequence is not valid for the page.
What is the difference between Html::encode() and just the basic html code in YII2?
Docs and source code can tell you everything.
Basically Html::encode()
is just the wrapper of htmlspecialchars
native PHP function:
Encodes special characters into HTML entities.
The application charset will be used for encoding.
To understand the basic difference and benefit of that, try to echo:
$string = '<script>alert(1);</script>';
echo $string;
and then:
echo Html::encode($string);
So encode
is useful for filtering user saved data. If the data comes from developer, not from user, you may not apply encode
and HTML will be displayed as is.
Official docs:
- Html::encode()
- htmlspecialchars
Once something is HTML or URL encoded should it ever be decoded? Is encoding enough?
It's hard to say if you're using it correctly. If you use UrlEncode when building a query string which is then output as a link in a page then yes that's correct. If you're Html Encoding when you write something out as a value then yes, that's correct (well kind of, if it's set via an HTML attribute you ought to use HtmlAttributeEncode, but they're pretty much the same.)
The .NET decoders work with AntiXSS's encoded values, so there was no point in me rewriting them grin
The point of encoding is that you do it when you output. So, for example, if a user has, on a form, input window.alert('Numpty!) and you just put that input raw in your output the javascript would run. If you encoded it first you would see < become < and so on.
No, SQL injection is an entirely different problem.
What is the difference between urlencode and rawurlencode?
It depends on what you are after. A main difference between them is the standard that they encode to of course, but also spaces.
urlencode
encodes the same way that form data is encoded
urlencode
encodes spaces as +
symbols while rawurlencode
encodes them as %20
.
Therefore when dealing with form data, urlencode would be preferable (as forms encode spaces as + signs too). Otherwise rawurlencode is a wiser choice in my opinion.
For example, you may want to mimic form data being submitted via a URL, you would use urlencode.
URL encode sees “&” (ampersand) as “&” HTML entity
Without seeing your code, it's hard to answer other than a stab in the dark. I would guess that the string you're passing to encodeURIComponent(), which is the correct method to use, is coming from the result of accessing the innerHTML property. The solution is to get the innerText/textContent property value instead:
var str,
el = document.getElementById("myUrl");
if ("textContent" in el)
str = encodeURIComponent(el.textContent);
else
str = encodeURIComponent(el.innerText);
If that isn't the case, you can use the replace() method to replace the HTML entity:
encodeURIComponent(str.replace(/&/g, "&"));
Related Topics
Using .Otf Fonts on Web Browsers
Why Are Dashes Preferred for CSS Selectors/HTML Attributes
Form Inline Inside a Form Horizontal in Twitter Bootstrap
How to Remove Focus Around Buttons on Click
Prevent "Overscrolling" of Web Page
How to Add a Font Awesome Icon to Input Field
How to Export Rmarkdown File to HTML Document with Two Columns
How to Give Iframe 100% Height
Default Text Which Won't Be Shown in Drop-Down List
Difference Between Url Encode and HTML Encode
Why Is the Span's Line-Height Useless
How to Align Entire HTML Body to the Center
iOS 11 Safari Bootstrap Modal Text Area Outside of Cursor
How to Disable Form Fields Using CSS
Table Scroll with HTML and CSS