8

We have a system that sends out regular emails with links in, many of which contain URL encoded parameters such as this:

href="http://www.mydomain.com/login.aspx?returnurl=http%3A%2F%2Fwww.mydomain.com%2Fview.aspx%3Fid%3D1234%26alert%3Dtrue"

You can see that the "returnurl" parameter is encoded. However, it seems that a large number of our users (seemingly hotmail) are receiving the emails with this paramater partly decoded such as:

href="http://www.mydomain.com/login.aspx?returnurl=http://www.mydomain.com/view.aspx?view.aspx%3Fid%3D1234%26alert%3Dtrue"

Why would it decode like this? Why only partly decode?? I therefore have no idea how to deal with it. I thought of base-64 encoding but that base64 strings contain characters that would need decoding too... I thought of double encoding but then I will not know whether to double-decode the parameter or not... Can anyone help? Thanks.

ShibbyUK
  • 1,501
  • 9
  • 12
  • We also se this isse with hotmail users. links works fine in gmail etc. Anyone? – Anders Feb 26 '14 at 13:46
  • Sure. Login to a Hotmail account, Create a new email with links just like the original and send it to yourself. Now view message source and find how Hotmail is formatting this message. – suchislife Feb 23 '21 at 06:41

1 Answers1

0

One reason this could be happening is because url rules for encoding are different before and after ? so if mechanism that is doing decoding does it from the 'back' of url and apples query decoding rules until it finds first ? then this could cause problem you are describing...

Not sure how to deal with it though as I understand system that does this inappropriate decoding is outside of your control. I would try to hide the ? in return url query somehow...

Community
  • 1
  • 1
Matas Vaitkevicius
  • 58,075
  • 31
  • 238
  • 265
  • How about encoding everything after `returnurl=` to base64? Then decode and forward to decoded path on server side? You could skip standard URL encoding entirely. I see quite a few sites doing this. – suchislife Feb 23 '21 at 06:43