473,324 Members | 2,124 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Correctly Escape Apostroph in URI?

Hi,

within a DataGrid control I'm using a DataTable containing a string column
to fill a Hyperlink's href attribute. Unfortunately HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding (I
don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#
HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString())
%>'>
Nov 19 '05 #1
7 4159
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
Hi,

within a DataGrid control I'm using a DataTable containing a string column
to fill a Hyperlink's href attribute. Unfortunately
HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding (I
don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#
HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString())
%>'>

Nov 19 '05 #2
Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of
them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful
URIs.

Best regards,
Axel Dahmen

------------------
"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#5**************@TK2MSFTNGP11.phx.gbl...
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
Hi,

within a DataGrid control I'm using a DataTable containing a string column to fill a Hyperlink's href attribute. Unfortunately
HttpUtility.UrlEncode()
doesn't escape the apostroph character, thus ruining some of my hrefs.

How do I correctly escape any character using a Page's current encoding (I don't want to hard-code the encoding)?

TIA,
Axel Dahmen

Sample code:
<a href='Search.aspx?txt=<%#
HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) %>'>


Nov 19 '05 #3
hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few punctuation
characters that doesn't get escaped with HtmlEncode. i am guessing this is
because most HTML is marked up with double quotes, instead of single quotes,
and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: ¬!"£$%^&*()_+-=[]{};'#:@~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#:@~,./&lt;&gt;?\|
these characters, UrlEncoded:
%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3c%3e%3f%5c %7c+%0d%0a%0d%0a

hth
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Oe**************@tk2msftngp13.phx.gbl...
Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of
them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful
URIs.

Best regards,
Axel Dahmen

------------------
"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#5**************@TK2MSFTNGP11.phx.gbl...
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> within a DataGrid control I'm using a DataTable containing a string column > to fill a Hyperlink's href attribute. Unfortunately
> HttpUtility.UrlEncode()
> doesn't escape the apostroph character, thus ruining some of my hrefs.
>
> How do I correctly escape any character using a Page's current encoding (I > don't want to hard-code the encoding)?
>
> TIA,
> Axel Dahmen
>
> Sample code:
> <a href='Search.aspx?txt=<%#
> HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) > %>'>
>
>



Nov 19 '05 #4
Hi Tim,

actually I'm using UrlEncode to encode a href in a <a> element. HtmlEncode
doesn't make sense here, I'm afraid, as the receiving server doesn't
understand HTML escapes given in an URI. HtmlEncode can only be used for
Html mark-up (as the name implies).

Actually, I am already using double quotes as a workaround. The problem:
VStudio doesn't open the ASP.NET page anymore in design mode if you include
databind expressions in double quotes because they interfere with the data
field's double quotes:

href="<%# DataBinder.Eval(Container.DataItem,"Desc") %>"
^ ^ ^ ^

So I'm forced to use single quotes if I want to open the page in design
view.

Thus I'm afraid my question still remains: There must be a general function
somewhere to give me a way to correctly escape *any* character I want.
Something like the Encoding class... I need a way to get back from a byte
array to a string. For this I need to know the sequence in which to read the
byte array. It should be given from an Encoding class member function...

Regards,
Axel

"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#L**************@TK2MSFTNGP15.phx.gbl...
hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few punctuation characters that doesn't get escaped with HtmlEncode. i am guessing this is because most HTML is marked up with double quotes, instead of single quotes, and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: ¬!"£$%^&*()_+-=[]{};'#:@~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#:@~,./&lt;&gt;?\|
these characters, UrlEncoded:
%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3
c%3e%3f%5c%7c+%0d%0a%0d%0a
hth
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Oe**************@tk2msftngp13.phx.gbl...
Hi Tim,

thanks for trying to help! But nope, I've tested both versions. Neither of them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful URIs.

Best regards,
Axel Dahmen

------------------
"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#5**************@TK2MSFTNGP11.phx.gbl...
hi,
you need HtmlEncode instead of UrlEncode
i get them mixed up all the time :)

hope this helps
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Of**************@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> within a DataGrid control I'm using a DataTable containing a string

column
> to fill a Hyperlink's href attribute. Unfortunately
> HttpUtility.UrlEncode()
> doesn't escape the apostroph character, thus ruining some of my hrefs. >
> How do I correctly escape any character using a Page's current encoding
(I
> don't want to hard-code the encoding)?
>
> TIA,
> Axel Dahmen
>
> Sample code:
> <a href='Search.aspx?txt=<%#
>

HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) > %>'>
>
>



Nov 19 '05 #5
hi Axel,
i think the best you'll get is using UrlEncode in conjunction with:
..Replace("'", "%27")see this article from someone with the same problem:
http://blog.steeleprice.net/archive/2004/07/13/365.aspx
sorry i don't have a better answer.
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
Hi Tim,

actually I'm using UrlEncode to encode a href in a <a> element. HtmlEncode
doesn't make sense here, I'm afraid, as the receiving server doesn't
understand HTML escapes given in an URI. HtmlEncode can only be used for
Html mark-up (as the name implies).

Actually, I am already using double quotes as a workaround. The problem:
VStudio doesn't open the ASP.NET page anymore in design mode if you
include
databind expressions in double quotes because they interfere with the data
field's double quotes:

href="<%# DataBinder.Eval(Container.DataItem,"Desc") %>"
^ ^ ^ ^

So I'm forced to use single quotes if I want to open the page in design
view.

Thus I'm afraid my question still remains: There must be a general
function
somewhere to give me a way to correctly escape *any* character I want.
Something like the Encoding class... I need a way to get back from a byte
array to a string. For this I need to know the sequence in which to read
the
byte array. It should be given from an Encoding class member function...

Regards,
Axel

"Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
news:#L**************@TK2MSFTNGP15.phx.gbl...
hi Axel,
apologies for my oversight.
i've done some testing and the apostrophe is one of the very few

punctuation
characters that doesn't get escaped with HtmlEncode. i am guessing this

is
because most HTML is marked up with double quotes, instead of single

quotes,
and therefore wouldn't cause problems under whatever MS consider 'normal'
HTML use of quotes.

can you use double quotes in your HTML to avoid the problem?

certainly i think HtmlEncode is a better one to use for embedding in
Html.
as you can see from the example below, the url encoding won't make much
sense to a html document:

some punctuation characters: ¬!"£$%^&*()_+-=[]{};'#:@~,./<>?\|
these characters, HtmlEncoded:
¬!&quot;£$%^&amp;*()_+-=[]{};'#:@~,./&lt;&gt;?\|
these characters, UrlEncoded:

%c2%ac!%22%c2%a3%24%25%5e%26*()_%2b-%3d%5b%5d%7b%7d%3b'%23%3a%40%7e%2c.%2f%3
c%3e%3f%5c%7c+%0d%0a%0d%0a

hth
tim

--------------------------
blog: http://tim.mackey.ie

"Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
news:Oe**************@tk2msftngp13.phx.gbl...
> Hi Tim,
>
> thanks for trying to help! But nope, I've tested both versions. Neither of > them escape the apostrophe character. BTW: HtmlEncode doesn't yield useful > URIs.
>
> Best regards,
> Axel Dahmen
>
>
>
> ------------------
> "Tim_Mac" <Tim at mackey dot eye eee> schrieb im Newsbeitrag
> news:#5**************@TK2MSFTNGP11.phx.gbl...
>> hi,
>> you need HtmlEncode instead of UrlEncode
>> i get them mixed up all the time :)
>>
>> hope this helps
>> tim
>>
>> --------------------------
>> blog: http://tim.mackey.ie
>>
>> "Axel Dahmen" <NO*****@NoOneKnows.invalid> wrote in message
>> news:Of**************@TK2MSFTNGP14.phx.gbl...
>> > Hi,
>> >
>> > within a DataGrid control I'm using a DataTable containing a string
> column
>> > to fill a Hyperlink's href attribute. Unfortunately
>> > HttpUtility.UrlEncode()
>> > doesn't escape the apostroph character, thus ruining some of my hrefs. >> >
>> > How do I correctly escape any character using a Page's current encoding > (I
>> > don't want to hard-code the encoding)?
>> >
>> > TIA,
>> > Axel Dahmen
>> >
>> > Sample code:
>> > <a href='Search.aspx?txt=<%#
>> >
> HttpUtility.UrlEncode(DataBinder.Eval(Container.Da taItem,"Desc").ToString()) >> > %>'>
>> >
>> >
>>
>>
>
>



Nov 19 '05 #6
>actually I'm using UrlEncode to encode a href in a <a> element.
HtmlEncode doesn't make sense here, I'm afraid, as the receiving server
doesn't understand HTML escapes given in an URI. HtmlEncode can only be
used for Html mark-up (as the name implies).


Actually, I think you need both. HTMLEncode *is* required (for valid
HTML) when putting the result in an href. If the URI to be used contains
non-standard charcaters, then you need to use UrlEncode *before*
HtmlEncode, to make sure the querystring parameters will be understood
by the receiving server.

Remember that the browser will un-HtmlEncode the contents of the href
before sending it off to the receiving server.

HTH

--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #7
Yes, I see you point. You're right on a first glimpse, but according to the
HTML spec there is no escaping necessary if the attribute value is put
within quotation marks. So the only character required to be escaped would
be the quotation mark itself. But - and this is the drawback here -
HtmlEncode doesn't escape a single quotation mark either.

I've now posted a corresponding suggestion to the Microsoft Product Feedback
Center under FDBK36356. It allows for any arbitrary character to be encoded.

Here's the short version:

" Add two new overloads to UrlEncode allowing to encode any arbitrary
character of a string given a second string or character array containing
all the characters to encode, like:

string HttpUtility.UrlEncode(string str, char[] anyof);
string HttpUtility.UrlEncode(string str, string anyof);

Given the existing UrlEncode() overloads this would yield 8 new overloads in
total.
Same for HtmlEncode(). "


----------------
"Alan Silver" <al*********@nospam.thanx> schrieb im Newsbeitrag
news:Z+**************@nospamthankyou.spam...
actually I'm using UrlEncode to encode a href in a <a> element.
HtmlEncode doesn't make sense here, I'm afraid, as the receiving server
doesn't understand HTML escapes given in an URI. HtmlEncode can only be
used for Html mark-up (as the name implies).


Actually, I think you need both. HTMLEncode *is* required (for valid
HTML) when putting the result in an href. If the URI to be used contains
non-standard charcaters, then you need to use UrlEncode *before*
HtmlEncode, to make sure the querystring parameters will be understood
by the receiving server.

Remember that the browser will un-HtmlEncode the contents of the href
before sending it off to the receiving server.

HTH

--
Alan Silver
(anything added below this line is nothing to do with me)

Nov 19 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
by: Leif B. Kristensen | last post by:
I'm working with a Python program to insert / update textual data into a PostgreSQL database. The text has single and double quotes in it, and I wonder: What is the easiest way to escape quotes in...
5
by: David | last post by:
I have an xml file that, for example, contains the following element: - <data>\x0095 blah1 \x0095 blah2 \x0095 blah3 \x0095 blah4</data> If I use XmlTextReader.ReadString() to read this data...
3
by: Paul | last post by:
I have an Access 2000 database with a form that is giving me some major headaches. When you open the form, it displays all records and allows editing, but has AllowAdditions set to False so that...
7
by: teachtiro | last post by:
Hi, 'C' says \ is the escape character to be used when characters are to be interpreted in an uncommon sense, e.g. \t usage in printf(), but for printing % through printf(), i have read that %%...
18
by: Steve Litvack | last post by:
Hello, I have built an XMLDocument object instance and I get the following string when I examine the InnerXml property: <?xml version=\"1.0\"?><ROOT><UserData UserID=\"2282\"><Tag1...
4
by: Guadala Harry | last post by:
I need to place the following into a string... How can I properly escape the % " / < and > characters? <table width="100%" border="0" cellspacing="0" cellpadding="4px" class="hfAll"></Table> ...
16
by: sudhir | last post by:
hi how to check escape key is pressed when accepting the string as input. Because I do not want to receive a string if user presses the ESCAPE key.. I used ascii code for comparision but I...
25
by: Wim Cossement | last post by:
Hello, I was wondering if there are a few good pages and/or examples on how to process form data correctly for putting it in a MySQL DB. Since I'm not used to using PHP a lot, I already found...
131
by: Lawrence D'Oliveiro | last post by:
The "escape" function in the "cgi" module escapes characters with special meanings in HTML. The ones that need escaping are '<', '&' and '"'. However, cgi.escape only escapes the quote character if...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.