I'm using Bitly to shorten some URLs (which I have no control over), and the URLs are formatted like:
http://example.net?someParam=abc%2Fdef
Unfortunately, when I pass that URL to Bitly, the %2F gets URL decoded back to a /. I've checked through the documentation and I can't see any setting to preserve the encoding.
I've also tried encoding the % as %25 first, but Bitly seems to be selective in which encoded characters to decode - the %25 remains encoded.
Any ideas how to get around this or whether it's something Bitly can support?
Using this endpoint btw: https://api-ssl.bitly.com/v4/shorten
Related
I want to prevent xss in my application. I have an text input for which I should be able to accept for example <script>alert(1)</script> but as I save this, if I encode it using : System.Web.HttpUtility.HtmlEncode(Me.txtUsername.Text)
I will be able to save the encoded version of this string:
<script>alert(1)</script>
how should I show this later on without letting the script be executed?
if I decode it the script will be executed.
I want to later on show this as <script>alert(1)</script>
Just show the text. Don't decode it. Let the browser do that for you.
<script>alert(1)</script>
See also this answer regarding other types of XSS vulnerabilities that html encoding doesn't protect you from: https://stackoverflow.com/a/70222/69527
If your text is not being decoded you may use jQuery
$("<div/>").html(yourString).text();
Trying to add a sharing function to my site, but GPlus seems to have trouble sharing url's with spaces in them.
Even escaped they dont seem to work.
eg;
https://plus.google.com/share?url=http://www.google.com/%23test%20test
It only seems to recognize upto before the %20.
Any ideas? Is this a bug? Am I doing something wrong?
The site is rather ajaxy, and in the history tokens would be a pain to need to use non-standard escaping of characters just for google plus.
I don't think that this is a bug with Google+ but rather its likely intentional because those URLs would need to be double URL encoded because one URL is sharing a second URL, thus your shared URL should be http%3A%2F%2Fwww.google.com%2F%2523test%2Btest
This won't work to create a preview in the share snippet but the URL is correct when it is shared.
All said, you shouldn't use spaces in your URLs because they are considered unsafe, see RFC 1738. You should change your app's URL structure.
I need to encode an url in javascript and decode it in php.. how can I do this? I tried using encodeURI and encodeURIComponent functions with urldecode in php but it doesnt work...
Encoding URLs in Javascript should work fine with encodeURI(). See here:
Encode URL in JavaScript?
In PHP, if the URL you're reading is being passed through a GET parameter, there's no need to decode it. It's already been done. Otherwise, urldecode() is your answer.
You're gonna need to post more info if you need more help.
So, i have an url - http://somesite.com/#sometext. I need to shorten this url with the bit.ly API. The problem is, i cant properly escape the '#' symbol. I dont get any short url's if trying to short this one with the API. But i can simply short any other url's (without the '#').
The thing is i can properly shorten this url on bit.ly website and in TweetDeck (they using the API too, right?). But i cant manage to shorten it with the API.
Some suggestions?
Thanks you.
You can escape the URL fragment (#something) before sending it to bit.ly for shortening. URL fragment by definition won't leave the browser when submitted to the server. Escaping it allows it to go through. E.g. in Javascript, escUrl = encodeURIComponent(url) would do it.
I'm building a little app that uses the twitter search api: http://search.twitter.com/search.json?q=funny
Now everything is working great, but sometimes it messes up my PHP script when the tweets contain chineze chars. Now on my site I use UTF-8 meta headers. Can someone tell me how to convert the following chars which were outputted by the Twitter API to a readable format?
EXAMPLE OUTPUT:
\u525B\u624D\u5728igfw.tk\u770B\u5230\u6709\u4E00\u500B\u535A\u5BA2\u63D0\u4F9B\u6BCF\u534A\u5C0F\u6642\u6539\u5BC6\u78BC\u7684ssh,\u62FF\u4F86\u7DF4\u7FD2\u4E00\u4E0Bbash\u8173\u672C\uFF0C\u65B7\u958B\u5F8C\u6703\u81EA\u52D5\u91CD\u65B0\u9023\u63A5\uFF0C\u4F7F\u7528Ctrl-C\u9000\u51FA,Cygwin\u4E0A\u7DE8\u5BEB\uFF0CLinux\u8A72\u6C92\u554F\u984C\uFF0CMAC\u81EA\u884C\u6E2C\
the \uXXXX are unicode codes for the characters
you could use a table of values pairing with the utf. or pack the string as json and use json_decode that already has that behavior.
you can see an example of how to do the conversion in the Service_json.json_decode() source, as one implementation that comes to my mind now
http://pear.php.net/package/Services_JSON/redirected