I have noticed that IE7 does not URL-encode querystring parameters retrieved from JavaScript, e.g.:
var qs = location.search;
In Firefox, the parameters are encoded. How can I write IE-specific code to URL-encode the parameters in the same fashion as Firefox?
For example, in Firefox, this querystring:
?val=<script>
//gets rewritten as:
?val=%3Cscript%3E
Normally, the correct function to URL-encode a string for use in part of a URL is encodeURIComponent. Don’t use escape, which is an obsolescent non-standard custom encoding scheme unique to JavaScript. It looks like URL-parameter-encoding, but treats pluses and all non-ASCII characters differently. Put it together with a standard URL decoder and you get errors.

However, you shouldn’t call encodeURIComponent over location.search if it’s giving you bad characters like < or > (which shouldn’t appear in a URL, but which IE allows you to enter), because it will double-encode characters that are already correctly encoded; for example a real %3C in the address (if the user has followed a correctly-formed link to your site) will get mis-converted to %253C.

Fixing up ‘unsafe’ URL characters whilst leaving already-encoded characters alone is what the encodeURI function is for; try that (on all browsers, no need for sniffing). It’s rarely used, but could be what you need. Otherwise, you’re looking at an annoying regexp-and-hex-encoding-function replacement.
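
An added example (not part of the original answer) of the regexp-and-hex-encoding replacement mentioned at the end of the answer: it escapes unsafe characters in a query string, leaves well-formed %XX sequences alone, and puts the result next to the built-in encoders. The names normalizeQuery, compareEncoders and QUERY_FIXUP are hypothetical, and the sample inputs are constructed.

```javascript
// Added example; normalizeQuery, compareEncoders and QUERY_FIXUP are hypothetical names.

// First alternative: an existing, well-formed %XX escape.
// Second alternative: any code point outside the characters RFC 3986 allows
// unescaped in a query (unreserved, sub-delims, ":", "@", "/", "?").
var QUERY_FIXUP = /%[0-9A-Fa-f]{2}|[^A-Za-z0-9\-._~!$&'()*+,;=:@\/?]/gu;

function normalizeQuery(search) {
  return search.replace(QUERY_FIXUP, function (m) {
    // A match of length 3 starting with "%" is an existing escape: keep it.
    if (m.length === 3 && m.charAt(0) === '%') return m;
    try {
      return encodeURIComponent(m); // UTF-8 percent-encoding of one code point
    } catch (e) {
      return '%EF%BF%BD'; // lone surrogate: emit U+FFFD instead of throwing
    }
  });
}

// Side-by-side results for one input, to show where double-encoding occurs.
// Per the ECMAScript definitions, encodeURIComponent and encodeURI both
// escape a literal "%", so only normalizeQuery leaves %3C unchanged.
function compareEncoders(input) {
  return {
    encodeURIComponent: encodeURIComponent(input),
    encodeURI: encodeURI(input),
    normalizeQuery: normalizeQuery(input)
  };
}

// Constructed sample inputs: raw, already encoded, and a stray "%".
['?val=<script>', '?val=%3Cscript%3E', '?pct=100%&q=a b'].forEach(function (s) {
  console.log(s, compareEncoders(s));
});
```

Because the output is the same whether or not the browser already encoded the value, code that later decodes the parameter sees one consistent form across browsers.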