浏览器在URL的路径部分中将编码的斜杠(%2F)转换为文字斜杠(/)
[英]Browser converts encoded slash (%2F) to literal slash (/) in path portion of URL
问题描述
I'm currently working with an email confirmation after registration using ASP.NET Identity . 
使用ASP.NET Identity注册后,我目前正在使用电子邮件确认。
This library provides a token generation which is needed to complete the registration. 该库提供了完成注册所需的令牌生成。 This token is used in our application in the following path: 此令牌在我们的应用程序中的以下路径中使用:
https://localhost/#/account/{token}/setup
And the token is generated by invoking: 令牌是通过调用生成的:
var emailToken = _userManager.GenerateEmailConfirmationToken(newUser.Id);
Once I have my token generated, I add it in the path by doing a string.Format this way: 生成令牌后,通过执行string.Format将其添加到路径中, string.Format如下:
string.Format("https://localhost/#/account/{0}/setup", HttpUtility.UrlEncode(emailToken));
The result looks like this: 结果看起来像这样:
https://localhost/#/account/AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAA6gbQhGTTMUWVHDgOwC9T9AAAAAACAAAAAAAQZgAAAAEAACAAAAAqo%2fiAv8iIn7Zox9pS3MOUMVNisAo7Bnada6%2f9wKEe6wAAAAAOgAAAAAIAACAAAABUu7WkD9vHvN2EDz2%2bqGwvJ4j6gj%2f4PaBTbI861jfEcWAAAADJV74LZjKAXv5v1FqYVuWLyTpPBCnLfopSi3rsEEwMHFKwltHL3moL2h%2fvYVs%2fu3LB%2br5Qytuu%2fZYOUWQTY5KzBqHeZoi7RJ02emDI0NTRhIKxfSGGIdbYxuAjsW14G0BAAAAACsC8L%2bdUDzFMgKUOkxWhKofAz8L0mH5VFEt8Oq%2fKYsxIiu4fiA2sGlPfDhhKQnV2lg%2ba8qHydUjqmyfxNex0Pg%3d%3d/setup
but when I open this url in the browser I get: 但是,当我在浏览器中打开该网址时,我得到:
...and so on!
...等等!
What I see is that the url is encoded correctly in the body of the email, but is decoded when I open it in the browser by replacing the encoded "%2f" to "/" . 我看到的是该url在电子邮件的正文中已正确编码,但是当我在浏览器中通过将编码的“%2f”替换为“ /”来解码时,该URL被解码了。 This leads to an invalid route in my application being that I expect the "/" to be a separator between different resources. 这导致我的应用程序中的路由无效,因为我希望“ /”成为不同资源之间的分隔符。
Any thoughts of this behaviour? 对这种行为有任何想法吗?
References: 参考文献:
1 个解决方案
解决方案1
3 已采纳 2017-01-02 15:48:10
It's probably decoding it because it considers it part of the path. 它可能正在解码它,因为它认为它是路径的一部分。
I would suggest you explicitly treat it as a parameter. 我建议您显式地将其视为参数。 That will tell the browser not to decode it. 这将告诉浏览器不要对其进行解码。 For instance, instead of having this path: 例如,代替使用此路径:
https://localhost/#/account/AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAA6gbQh .......... https:// localhost /#/ account / AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAA6gbQh ..........
Use this path: 使用此路径:
https://localhost/#/account/?t=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAA6gbQh ...... https:// localhost /#/ account /?t = AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAA6gbQh ......
Notice the addition of ?t= after the end of the account path. 请注意,在帐户路径末尾添加了?t= 。
Then consume the t parameter in your application. 然后在应用程序中使用t参数。 That will tell the browser that the value at the end is not to be decoded as part of the path but rather preserved in encoded form because it's a parameter. 这将告诉浏览器,结尾处的值不会作为路径的一部分进行解码,而应以编码形式保留,因为它是一个参数。
This would obviously change the path you have (because of the setup part) so adjust accordingly. 显然,这将更改您的路径(由于设置部分),因此请进行相应调整。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.