<globalization uiculture="pt-BR" culture="pt-BR" fileencoding="iso-8859-1" responseencoding="utf-8" requestencoding="utf-8">The newbiest programmers usualy forget the that his application users could insert special characters into a form. When sending parameter via QueryString the browsers always convert those special characters in an encoded form via one of these functions below:
- escape(), example:
@ is escaped to %7E
- encodeURI(), example: % is encoded to %25
- encodeURIComponent(), example: @ is encoded to %40
Request.Params["parameter's name"];But if you forget the explict encode, none of the functions below will be able to retrieve correctly those special chars:
- Microsoft.JScript.GlobalObject
.unescape(), complemented by escape() - Microsoft.JScript.GlobalObject
.decodeURI(), complemented by encodeURI() - Microsoft.JScript.GlobalObject
.decodeURIComponent(), complemented by encodeURIComponent() - Server.UrlDecode(), complemented by Server.UrlEncode()
Javascript (and also JScript) also has escape(), encodeURI() and encodeURIComponent() and their complementary functions, that have a slightly different results from ASP.NET ones.
No comments:
Post a Comment