473,287 Members | 1,582 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,287 software developers and data experts.

Correctly Escape Apostroph in URI?

Hi,

within a DataGrid control I'm using a DataTable containing a string column
to fill a Hyperlink's href attribute. Unfortunately HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding (I
don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#
HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString())
%>'>
Nov 19 '05 #1
7 4156
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
Hi,

within a DataGrid control I'm using a DataTable containing a string column
to fill a Hyperlink's href attribute. Unfortunately
HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding (I
don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#
HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString())
%>'>

Nov 19 '05 #2
Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of
them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful
URIs.

Best regards,
Axel Dahmen

------------------
"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#5**************@TK2MSFTNGP11.phx.gbl...
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
Hi,

within a DataGrid control I'm using a DataTable containing a string column to fill a Hyperlink's href attribute. Unfortunately
HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding (I don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#
HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) %>'>


Nov 19 '05 #3
hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few punctuation
characters that doesn't get escaped with HtmlEncode. i am guessing this is
because most HTML is marked up with double quotes, instead of single quotes,
and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: ¬!"£$%^&*()_+-=[]{};'#:@~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#:@~,./&lt;&gt;?\|
these characters, UrlEncoded:
%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3c%3e%3f%5c %7c+%0d%0a%0d%0a

hth
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Oe**************@tk2msftngp13.phx.gbl...
Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of
them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful
URIs.

Best regards,
Axel Dahmen

------------------
"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#5**************@TK2MSFTNGP11.phx.gbl...
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> within a DataGrid control I'm using a DataTable containing a string column > to fill a Hyperlink's href attribute. Unfortunately
> HttpUtility.UrlEncode()
> doesn't escape the apostroph character, thus ruining some of my hrefs.
>
> How do I correctly escape any character using a Page's current encoding (I > don't want to hard-code the encoding)?
>
> TIA,
> Axel Dahmen
>
> Sample code:
> <a href='Search.aspx?txt=<%#
> HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) > %>'>
>
>



Nov 19 '05 #4
Hi Tim,

actually I'm using UrlEncode to encode a href in a <a> element. HtmlEncode
doesn't make sense here, I'm afraid, as the receiving server doesn't
understand HTML escapes given in an URI. HtmlEncode can only be used for
Html mark-up (as the name implies).

Actually, I am already using double quotes as a workaround. The problem:
VStudio doesn't open the ASP.NET page anymore in design mode if you include
databind expressions in double quotes because they interfere with the data
field's double quotes:

href="<%# DataBinder.Eval(Container.DataItem,"Desc") %>"
^ ^ ^ ^

So I'm forced to use single quotes if I want to open the page in design
view.

Thus I'm afraid my question still remains: There must be a general function
somewhere to give me a way to correctly escape *any* character I want.
Something like the Encoding class... I need a way to get back from a byte
array to a string. For this I need to know the sequence in which to read the
byte array. It should be given from an Encoding class member function...

Regards,
Axel

"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#L**************@TK2MSFTNGP15.phx.gbl...
hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few punctuation characters that doesn't get escaped with HtmlEncode. i am guessing this is because most HTML is marked up with double quotes, instead of single quotes, and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: ¬!"£$%^&*()_+-=[]{};'#:@~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#:@~,./&lt;&gt;?\|
these characters, UrlEncoded:
%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3
c%3e%3f%5c%7c+%0d%0a%0d%0a
hth
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Oe**************@tk2msftngp13.phx.gbl...
Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful URIs.

Best regards,
Axel Dahmen

------------------
"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#5**************@TK2MSFTNGP11.phx.gbl...
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> within a DataGrid control I'm using a DataTable containing a string

column
> to fill a Hyperlink's href attribute. Unfortunately
> HttpUtility.UrlEncode()
> doesn't escape the apostroph character, thus ruining some of my hrefs. >
> How do I correctly escape any character using a Page's current encoding
(I
> don't want to hard-code the encoding)?
>
> TIA,
> Axel Dahmen
>
> Sample code:
> <a href='Search.aspx?txt=<%#
>

HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) > %>'>
>
>



Nov 19 '05 #5
hi Axel,
i think the best you'll get is using UrlEncode in conjunction with:
..Replace("'", "%27")see this article from someone with the same problem:
http://blog.steeleprice.net/archive/2004/07/13/365.aspx
sorry i don't have a better answer.
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
Hi Tim,

actually I'm using UrlEncode to encode a href in a <a> element. HtmlEncode
doesn't make sense here, I'm afraid, as the receiving server doesn't
understand HTML escapes given in an URI. HtmlEncode can only be used for
Html mark-up (as the name implies).

Actually, I am already using double quotes as a workaround. The problem:
VStudio doesn't open the ASP.NET page anymore in design mode if you
include
databind expressions in double quotes because they interfere with the data
field's double quotes:

href="<%# DataBinder.Eval(Container.DataItem,"Desc") %>"
^ ^ ^ ^

So I'm forced to use single quotes if I want to open the page in design
view.

Thus I'm afraid my question still remains: There must be a general
function
somewhere to give me a way to correctly escape *any* character I want.
Something like the Encoding class... I need a way to get back from a byte
array to a string. For this I need to know the sequence in which to read
the
byte array. It should be given from an Encoding class member function...

Regards,
Axel

"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#L**************@TK2MSFTNGP15.phx.gbl...
hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few

punctuation
characters that doesn't get escaped with HtmlEncode. i am guessing this

is
because most HTML is marked up with double quotes, instead of single

quotes,
and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in
Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: ¬!"£$%^&*()_+-=[]{};'#:@~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#:@~,./&lt;&gt;?\|
these characters, UrlEncoded:

%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3
c%3e%3f%5c%7c+%0d%0a%0d%0a

hth
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Oe**************@tk2msftngp13.phx.gbl...
> Hi Tim,
>
> thanks for trying to help! But nope, I've tested both versions. Neither of > them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful > URIs.
>
> Best regards,
> Axel Dahmen
>
>
>
> ------------------
> "Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
> news:#5**************@TK2MSFTNGP11.phx.gbl...
>> hi,
>> you need HtmlEncode instead of UrlEncode
>> i get them mixed up all the time :)
>>
>> hope this helps
>> tim
>>
>> --------------------------
>> blog: http://tim.mackey.ie
>>
>> "Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
>> news:Of**************@TK2MSFTNGP14.phx.gbl...
>> > Hi,
>> >
>> > within a DataGrid control I'm using a DataTable containing a string
> column
>> > to fill a Hyperlink's href attribute. Unfortunately
>> > HttpUtility.UrlEncode()
>> > doesn't escape the apostroph character, thus ruining some of my hrefs. >> >
>> > How do I correctly escape any character using a Page's current encoding > (I
>> > don't want to hard-code the encoding)?
>> >
>> > TIA,
>> > Axel Dahmen
>> >
>> > Sample code:
>> > <a href='Search.aspx?txt=<%#
>> >
> HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) >> > %>'>
>> >
>> >
>>
>>
>
>



Nov 19 '05 #6
>actually I'm using UrlEncode to encode a href in a <a> element.
HtmlEncode doesn't make sense here, I'm afraid, as the receiving server
doesn't understand HTML escapes given in an URI. HtmlEncode can only be
used for Html mark-up (as the name implies).


Actually, I think you need both. HTMLEncode *is* required (for valid
HTML) when putting the result in an href. If the URI to be used contains
non-standard charcaters, then you need to use UrlEncode *before*
HtmlEncode, to make sure the querystring parameters will be understood
by the receiving server.

Remember that the browser will un-HtmlEncode the contents of the href
before sending it off to the receiving server.

HTH

--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #7
Yes, I see you point. You're right on a first glimpse, but according to the
HTML spec there is no escaping necessary if the attribute value is put
within quotation marks. So the only character required to be escaped would
be the quotation mark itself. But - and this is the drawback here -
HtmlEncode doesn't escape a single quotation mark either.

I've now posted a corresponding suggestion to the Microsoft Product Feedback
Center under FDBK36356. It allows for any arbitrary character to be encoded.

Here's the short version:

" Add two new overloads to UrlEncode allowing to encode any arbitrary
character of a string given a second string or character array containing
all the characters to encode, like:

string HttpUtility.UrlEncode(string str, char[] anyof);
string HttpUtility.UrlEncode(string str, string anyof);

Given the existing UrlEncode() overloads this would yield 8 new overloads in
total.
Same for HtmlEncode(). "


----------------
"Alan Silver" <al*********@nospam.thanx> schrieb im Newsbeitrag
news:Z+**************@nospamthankyou.spam...
actually I'm using UrlEncode to encode a href in a <a> element.
HtmlEncode doesn't make sense here, I'm afraid, as the receiving server
doesn't understand HTML escapes given in an URI. HtmlEncode can only be
used for Html mark-up (as the name implies).


Actually, I think you need both. HTMLEncode *is* required (for valid
HTML) when putting the result in an href. If the URI to be used contains
non-standard charcaters, then you need to use UrlEncode *before*
HtmlEncode, to make sure the querystring parameters will be understood
by the receiving server.

Remember that the browser will un-HtmlEncode the contents of the href
before sending it off to the receiving server.

HTH

--
Alan Silver
(anything added below this line is nothing to do with me)

Nov 19 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
by: Leif B. Kristensen | last post by:
I'm working with a Python program to insert / update textual data into a PostgreSQL database. The text has single and double quotes in it, and I wonder: What is the easiest way to escape quotes in...
5
by: David | last post by:
I have an xml file that, for example, contains the following element: - <data>\x0095 blah1 \x0095 blah2 \x0095 blah3 \x0095 blah4</data> If I use XmlTextReader.ReadString() to read this data...
3
by: Paul | last post by:
I have an Access 2000 database with a form that is giving me some major headaches. When you open the form, it displays all records and allows editing, but has AllowAdditions set to False so that...
7
by: teachtiro | last post by:
Hi, 'C' says \ is the escape character to be used when characters are to be interpreted in an uncommon sense, e.g. \t usage in printf(), but for printing % through printf(), i have read that %%...
18
by: Steve Litvack | last post by:
Hello, I have built an XMLDocument object instance and I get the following string when I examine the InnerXml property: <?xml version=\"1.0\"?><ROOT><UserData UserID=\"2282\"><Tag1...
4
by: Guadala Harry | last post by:
I need to place the following into a string... How can I properly escape the % " / < and > characters? <table width="100%" border="0" cellspacing="0" cellpadding="4px" class="hfAll"></Table> ...
16
by: sudhir | last post by:
hi how to check escape key is pressed when accepting the string as input. Because I do not want to receive a string if user presses the ESCAPE key.. I used ascii code for comparision but I...
25
by: Wim Cossement | last post by:
Hello, I was wondering if there are a few good pages and/or examples on how to process form data correctly for putting it in a MySQL DB. Since I'm not used to using PHP a lot, I already found...
131
by: Lawrence D'Oliveiro | last post by:
The "escape" function in the "cgi" module escapes characters with special meanings in HTML. The ones that need escaping are '<', '&' and '"'. However, cgi.escape only escapes the quote character if...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: marcoviolo | last post by:
Dear all, I would like to implement on my worksheet an vlookup dynamic , that consider a change of pivot excel via win32com, from an external excel (without open it) and save the new file into a...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.