By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,286 Members | 2,422 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,286 IT Pros & Developers. It's quick & easy.

Correctly Escape Apostroph in URI?

P: n/a
Hi,

within a DataGrid control I'm using a DataTable containing a string column
to fill a Hyperlink's href attribute. Unfortunately HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding (I
don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#
HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString())
%>'>
Nov 19 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
Hi,

within a DataGrid control I'm using a DataTable containing a string column
to fill a Hyperlink's href attribute. Unfortunately
HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding (I
don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#
HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString())
%>'>

Nov 19 '05 #2

P: n/a
Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of
them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful
URIs.

Best regards,
Axel Dahmen

------------------
"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#5**************@TK2MSFTNGP11.phx.gbl...
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
Hi,

within a DataGrid control I'm using a DataTable containing a string column to fill a Hyperlink's href attribute. Unfortunately
HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding (I don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#
HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) %>'>


Nov 19 '05 #3

P: n/a
hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few punctuation
characters that doesn't get escaped with HtmlEncode. i am guessing this is
because most HTML is marked up with double quotes, instead of single quotes,
and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: !"$%^&*()_+-=[]{};'#:@~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#:@~,./&lt;&gt;?\|
these characters, UrlEncoded:
%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3c%3e%3f%5c %7c+%0d%0a%0d%0a

hth
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Oe**************@tk2msftngp13.phx.gbl...
Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of
them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful
URIs.

Best regards,
Axel Dahmen

------------------
"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#5**************@TK2MSFTNGP11.phx.gbl...
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> within a DataGrid control I'm using a DataTable containing a string column > to fill a Hyperlink's href attribute. Unfortunately
> HttpUtility.UrlEncode()
> doesn't escape the apostroph character, thus ruining some of my hrefs.
>
> How do I correctly escape any character using a Page's current encoding (I > don't want to hard-code the encoding)?
>
> TIA,
> Axel Dahmen
>
> Sample code:
> <a href='Search.aspx?txt=<%#
> HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) > %>'>
>
>



Nov 19 '05 #4

P: n/a
Hi Tim,

actually I'm using UrlEncode to encode a href in a <a> element. HtmlEncode
doesn't make sense here, I'm afraid, as the receiving server doesn't
understand HTML escapes given in an URI. HtmlEncode can only be used for
Html mark-up (as the name implies).

Actually, I am already using double quotes as a workaround. The problem:
VStudio doesn't open the ASP.NET page anymore in design mode if you include
databind expressions in double quotes because they interfere with the data
field's double quotes:

href="<%# DataBinder.Eval(Container.DataItem,"Desc") %>"
^ ^ ^ ^

So I'm forced to use single quotes if I want to open the page in design
view.

Thus I'm afraid my question still remains: There must be a general function
somewhere to give me a way to correctly escape *any* character I want.
Something like the Encoding class... I need a way to get back from a byte
array to a string. For this I need to know the sequence in which to read the
byte array. It should be given from an Encoding class member function...

Regards,
Axel

"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#L**************@TK2MSFTNGP15.phx.gbl...
hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few punctuation characters that doesn't get escaped with HtmlEncode. i am guessing this is because most HTML is marked up with double quotes, instead of single quotes, and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: !"$%^&*()_+-=[]{};'#:@~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#:@~,./&lt;&gt;?\|
these characters, UrlEncoded:
%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3
c%3e%3f%5c%7c+%0d%0a%0d%0a
hth
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Oe**************@tk2msftngp13.phx.gbl...
Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful URIs.

Best regards,
Axel Dahmen

------------------
"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#5**************@TK2MSFTNGP11.phx.gbl...
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> within a DataGrid control I'm using a DataTable containing a string

column
> to fill a Hyperlink's href attribute. Unfortunately
> HttpUtility.UrlEncode()
> doesn't escape the apostroph character, thus ruining some of my hrefs. >
> How do I correctly escape any character using a Page's current encoding
(I
> don't want to hard-code the encoding)?
>
> TIA,
> Axel Dahmen
>
> Sample code:
> <a href='Search.aspx?txt=<%#
>

HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) > %>'>
>
>



Nov 19 '05 #5

P: n/a
hi Axel,
i think the best you'll get is using UrlEncode in conjunction with:
..Replace("'", "%27")see this article from someone with the same problem:
http://blog.steeleprice.net/archive/2004/07/13/365.aspx
sorry i don't have a better answer.
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
Hi Tim,

actually I'm using UrlEncode to encode a href in a <a> element. HtmlEncode
doesn't make sense here, I'm afraid, as the receiving server doesn't
understand HTML escapes given in an URI. HtmlEncode can only be used for
Html mark-up (as the name implies).

Actually, I am already using double quotes as a workaround. The problem:
VStudio doesn't open the ASP.NET page anymore in design mode if you
include
databind expressions in double quotes because they interfere with the data
field's double quotes:

href="<%# DataBinder.Eval(Container.DataItem,"Desc") %>"
^ ^ ^ ^

So I'm forced to use single quotes if I want to open the page in design
view.

Thus I'm afraid my question still remains: There must be a general
function
somewhere to give me a way to correctly escape *any* character I want.
Something like the Encoding class... I need a way to get back from a byte
array to a string. For this I need to know the sequence in which to read
the
byte array. It should be given from an Encoding class member function...

Regards,
Axel

"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#L**************@TK2MSFTNGP15.phx.gbl...
hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few

punctuation
characters that doesn't get escaped with HtmlEncode. i am guessing this

is
because most HTML is marked up with double quotes, instead of single

quotes,
and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in
Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: !"$%^&*()_+-=[]{};'#:@~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#:@~,./&lt;&gt;?\|
these characters, UrlEncoded:

%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3
c%3e%3f%5c%7c+%0d%0a%0d%0a

hth
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Oe**************@tk2msftngp13.phx.gbl...
> Hi Tim,
>
> thanks for trying to help! But nope, I've tested both versions. Neither of > them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful > URIs.
>
> Best regards,
> Axel Dahmen
>
>
>
> ------------------
> "Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
> news:#5**************@TK2MSFTNGP11.phx.gbl...
>> hi,
>> you need HtmlEncode instead of UrlEncode
>> i get them mixed up all the time :)
>>
>> hope this helps
>> tim
>>
>> --------------------------
>> blog: http://tim.mackey.ie
>>
>> "Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
>> news:Of**************@TK2MSFTNGP14.phx.gbl...
>> > Hi,
>> >
>> > within a DataGrid control I'm using a DataTable containing a string
> column
>> > to fill a Hyperlink's href attribute. Unfortunately
>> > HttpUtility.UrlEncode()
>> > doesn't escape the apostroph character, thus ruining some of my hrefs. >> >
>> > How do I correctly escape any character using a Page's current encoding > (I
>> > don't want to hard-code the encoding)?
>> >
>> > TIA,
>> > Axel Dahmen
>> >
>> > Sample code:
>> > <a href='Search.aspx?txt=<%#
>> >
> HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) >> > %>'>
>> >
>> >
>>
>>
>
>



Nov 19 '05 #6

P: n/a
>actually I'm using UrlEncode to encode a href in a <a> element.
HtmlEncode doesn't make sense here, I'm afraid, as the receiving server
doesn't understand HTML escapes given in an URI. HtmlEncode can only be
used for Html mark-up (as the name implies).


Actually, I think you need both. HTMLEncode *is* required (for valid
HTML) when putting the result in an href. If the URI to be used contains
non-standard charcaters, then you need to use UrlEncode *before*
HtmlEncode, to make sure the querystring parameters will be understood
by the receiving server.

Remember that the browser will un-HtmlEncode the contents of the href
before sending it off to the receiving server.

HTH

--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #7

P: n/a
Yes, I see you point. You're right on a first glimpse, but according to the
HTML spec there is no escaping necessary if the attribute value is put
within quotation marks. So the only character required to be escaped would
be the quotation mark itself. But - and this is the drawback here -
HtmlEncode doesn't escape a single quotation mark either.

I've now posted a corresponding suggestion to the Microsoft Product Feedback
Center under FDBK36356. It allows for any arbitrary character to be encoded.

Here's the short version:

" Add two new overloads to UrlEncode allowing to encode any arbitrary
character of a string given a second string or character array containing
all the characters to encode, like:

string HttpUtility.UrlEncode(string str, char[] anyof);
string HttpUtility.UrlEncode(string str, string anyof);

Given the existing UrlEncode() overloads this would yield 8 new overloads in
total.
Same for HtmlEncode(). "


----------------
"Alan Silver" <al*********@nospam.thanx> schrieb im Newsbeitrag
news:Z+**************@nospamthankyou.spam...
actually I'm using UrlEncode to encode a href in a <a> element.
HtmlEncode doesn't make sense here, I'm afraid, as the receiving server
doesn't understand HTML escapes given in an URI. HtmlEncode can only be
used for Html mark-up (as the name implies).


Actually, I think you need both. HTMLEncode *is* required (for valid
HTML) when putting the result in an href. If the URI to be used contains
non-standard charcaters, then you need to use UrlEncode *before*
HtmlEncode, to make sure the querystring parameters will be understood
by the receiving server.

Remember that the browser will un-HtmlEncode the contents of the href
before sending it off to the receiving server.

HTH

--
Alan Silver
(anything added below this line is nothing to do with me)

Nov 19 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.