Rails: Plus Sign in Get-Request Replaced by Space

Rails: Plus sign in GET-Request replaced by space

That's normal URL encoding, the plus sign is a shorthand for a space:

Within the query string, the plus sign is reserved as shorthand notation for a space. Therefore, real plus signs must be encoded. This method was used to make query URIs easier to pass in systems which did not allow spaces.

And from the HTML5 standard:

The character is a U+0020 SPACE character

Replace the character with a single U+002B PLUS SIGN character (+).

When should space be encoded to plus (+) or %20?

+ means a space only in application/x-www-form-urlencoded content, such as the query part of a URL:

http://www.example.com/path/foo+bar/path?query+name=query+value

In this URL, the parameter name is query name with a space and the value is query value with a space, but the folder name in the path is literally foo+bar, not foo bar.

%20 is a valid way to encode a space in either of these contexts. So if you need to URL-encode a string for inclusion in part of a URL, it is always safe to replace spaces with %20 and pluses with %2B. This is what, e.g., encodeURIComponent() does in JavaScript. Unfortunately it's not what urlencode does in PHP (rawurlencode is safer).

See Also

HTML 4.01 Specification application/x-www-form-urlencoded

Request Parameter Losing Plus Sign

+ means "space" in URLs. Replace it with %2B. You could do this just after composing descriptionsUrlAddition, for example.

descriptionsUrlAddition = descriptionsUrlAddition.replace("+", "%2B");

How to get params for url with whitespace as '%20' instead of '+' in Rails

I would recommend just sticking to the use of a gsub, perhaps with a comment to explain the need for such behaviour.

While you could solve the problem by use of URI.escape, it is supposedly deprecated, as it does not fully conform to RFC specs. See here for a great write-up on it.

Hash#to_param is an alias of Hash#to_query, which calls Object#to_query. The simplest example to demonstrate this + vs %20 issue is:

'John Key'.to_query(:name) # => "name=John+Key"

The implementation of Object#to_query is:

def to_query(key)
  "#{CGI.escape(key.to_param)}=#{CGI.escape(to_param.to_s)}"
end

And so, we find that:

CGI.escape("John Key") # => "John+Key"

Hence, this is why I have referenced the differences between CGI.escape and URI.escape.

How to have + in named routes in ruby on rails?

You can't 'simply' do this, you must URL encode it but in this way this will not be accomplished anyway.
Explanation here

My app cannot load some images from the server

Looks like you're not properly encoding your image names in the src attribute. I'd guess that you have a file with a name like this:

http:--www.urbandictionary.com-define.php?term=slim%20shady.jpg

But when you have this:

src="/images/image_site/http:--www.urbandictionary.com-define.php?term=slim%20shady.jpg?1309465379"

The filename looks like this:

/images/image_site/http:--www.urbandictionary.com-define.php

because everything after the first ? is considered to be part of the query string.

Replacing the slashes with hyphens is not good enough, you're still leaving all sorts of holes for confusion and nefarious intent. Instead, you should generate the image file names completely, something like id.jpg where id is the image's ID in your database. Then, store the original filename in your database and only show that filename (properly encoded!) to people, don't use it in your local file system.

A quick fix would be to properly URL encode your src attributes. But you really should fix up how you handle the images or you will leave yourself open to all sorts of trouble.

ajax - Why jquery replaces + with a space ( )?

In some GET and POST requests (most likely in the URL, or via a form), spaces are encoded as "+" (plus) symbols before they are passed to the server. You can see this behaviour if you do a normal GET request - you will see something like google.com?q=test+example If you want to pass a plus symbol via an ajax GET/POST request, you need to "urlencode" it. The URL encoded value for + is %2B.

Also note:

The javascript encodeURIComponent() function can be used, as answered in:

AJAX POST and Plus Sign ( + ) -- How to Encode?

---

Related Topics