4

I have a controller with a method that has a variable passed in the route - the Controller:

[Route("cont/{MyParameter}")]
public ActionResult Index(string MyParameter)
{
...
}

When I pass a value (abcdef) in the URL like this it's fine:

http://localhost/my-website/cont/abcdef

But when I pass one with encoded slashes - it fails - as if the slashes aren't encoded - e.g.:

http://localhost/my-website/cont/abc%2fdef

I get a "The Resource cannot be found" in IIS - with a requested URL displayed in the body of:

Requested URL
   http://localhost:80/f-website/cont/abc/def

It appears to have added slashes - even though they were encoded.

The address bar still shows the original URL with %2f in however.

How can I pass / in as a parameter? I thought URL Encoding was the solution here but it apparently is having no effect.

I can find nothing on Google about this specific issue.

niico
  • 11,206
  • 23
  • 78
  • 161
  • Maybe this post can help you: http://stackoverflow.com/questions/591694/url-encoded-slash-in-url – Bruno Apr 12 '17 at 14:56
  • 1
    There is also http://stackoverflow.com/questions/1957115/is-a-slash-equivalent-to-an-encoded-slash-2f-in-the-path-portion-of-a ... basically it is unlikely to work the way you expect on most web servers even if [URI RFC](http://www.ietf.org/rfc/rfc3986.txt) says otherwise. – Alexei Levenkov Apr 12 '17 at 15:02
  • @AlexeiLevenkov Interesting - no solutions there though. How can en encoded parameter (which this value is) be reliably transported in a URI if it contains slashes? Any best practice here? – niico Apr 12 '17 at 16:01
  • @niico there is some suggestion (`genericUriParserOptions="DontUnescapePathDotsAndSlashes"`) in the q from first comment... But I personally would not include something that can have slashes (and likely all other kind of characters) as part of path. Query params have no restrictions at all - so may be fit better for such values. You also may consider if you really need that value as is for identification purposes - unique IDs usually are alphanumeric and can be part of path while other properties (like title) can have all sort of characters that don't fit into path restrictions. – Alexei Levenkov Apr 12 '17 at 17:04
  • Query params? Do you mean using a querystring has no such restriction? – niico Apr 12 '17 at 19:45
  • [(Please) Stop Using Unsafe Characters in URLs](https://perishablepress.com/stop-using-unsafe-characters-in-urls/) – NightOwl888 Apr 13 '17 at 07:44
  • So querystring is the solution to this right?! – niico Apr 13 '17 at 08:37
  • @NightOwl888 does that also count for querystrings - or just REST? – niico Apr 13 '17 at 08:37
  • 1
    My take on it is this: URLs are first and foremost a machine-readable syntax. If you want your application to be 100% reliable, you should stick with alphanumeric and dashes only. Encoding is something you should avoid in the path of the URL. Query strings on the other hand are designed for the downstream application to read, so you can get away with encoding on most characters. That said, I would steer clear of characters that have special meaning in URLs (see the list in the above link) because all bets are off that all servers and firewalls will interpret them as raw data to be passed on. – NightOwl888 Apr 13 '17 at 11:55
  • 1
    So, first I would look at the application design and determine if you *really* need this to be a forward slash. If the answer is still yes, I suggest using token replacement that your application can understand that follows normal URL rules (`/somewhere-fslash-interesting/this-page-bslash-is/`). Your application would then be responsible for doing the token replacement `-fslash-` to `/` (you could probably use filters or value providers for this). That makes it more human-friendly, as well as machine-readable. – NightOwl888 Apr 13 '17 at 12:04

1 Answers1

1

Best solution I found was using a wildcard:

    [HttpGet]
    [Route("my-action-url/{*parameter}")]
    public IActionResult MyAction(string parameter)
    {
      // Some code here
    }
0lukasz0
  • 3,155
  • 1
  • 24
  • 40