Online URL Encoder

I have trouble with encoding/decoding http parameters & the validation of them in my java web application.

I'm using OWASP's ESAPI to validate the input and there is a problem with the validation.

This is my workflow:

1) Sending Get/Post Request to server and encoding parameters via encodeURIComponent

$.getJSON("/app/con",    {     type: "type1",     search: encodeURIComponent(search_string)    }, function (data){        // ...    });

2) Retrieving the parameters on the server side in my Servlet

String search_string = ESAPI.httpUtilities().getParameter(request, "search");

The issue is the following:

let me give you an example:

1. Client send GET with search_string = ü
2. It gets encoded when sending to server, results in search_string = %C3%BC
3. ESAPI.httpUtilities().getParameter() does the following:
4. String is retrieved via request.getParameter("search_string") which results in search_string = %C3%BC
5. ESAPI does pre validation with regex which passes (regex is totally fine)
6. ESAPI then canonicalizes the string which results in search_string = ü
7. ESAPI then trys to do the validation with the regex which obiously fails because those characters (after canonicalization) are not included in the regex
8. Im was looking to keep the regex simple with normal letters a-zA-ZüöäÜÖÄß

I'm confused in the way that ESAPI does canonicalization on the string because that messes up the letters and keeps the regex from working. I would like to have the string decoded first because then everything would be fine.

Does anyone have an idea on how to counter this behaviour?

greeting

On my site, a user can enter text in a field called "Description". I can get whatever text was entered by performing a query and returning this as $description. I eventually want to use this information to build a URL. I am running into issues if the user enters a "," in part of the text. As an example, let's say the user entered "test description, test description".

$description will return as: "test%20description,%20test%20description"

Running urlencode($description) results in: "test+description%2C+test+description"

This is okay for the "test+description" part, but not the %2C. Ultimately what I am asking is, how can I instead return: "test+description,+test+description"

I know this is a fairly common error with URL encoding. The problem I suspect is the MOSS Filter webpart used to filter a dataview webparts results based on the querystring paramter passed to it from the Filter webpart.

When the query string contains an & (ampersand) symbol the dataview webpart is unable to display any results but does not display any errors.

When I replace the ampersand in the query string below with %26 then I get an exception 'Input string was not in a correct format'

http://localhost/subsite/Pages/Test.aspx?SS=Test%20Governance%20&%20Directors no error caused but filter (SS) passed to the Data view webpart shows no results.

http://localhost/subsite/Pages/Test.aspx?SS=Test%20Governance%20%26%20Directors replacing the & with %26 produces an exception 'Input string was not in a correct format' is thrown

Can we use the ampersand in the query string from a Filter webpart? I have read that the consumer webpart reads this as another parameter being passed to it, maybe that is the problem? Though I have configured the Filter webpart to only pass the first parameter.

This is my ajax call :

function callServer(){    alert('before : ' +uncompressed64Data.length);    var compressed = LZString.compressToUTF16(uncompressed64Data);    alert('after : ' +compressed.length);    debugger;    jQuery.ajax({        url : "/RegisterServlet_2/servlet/Register",        type : "POST",        data: "img="+compressed,        cache : false,        async : false,        success : function()        {        },        error : function()        {        }    });}

I am getting following error while try to receive it in error:

Character decoding failed. Parameter [img] with value [Ả㠵堥ä?¢æ¡¥Æ´Û?ୠ⤡á?®ã? ä??à©?má¹?â?¤â° â?]has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values.

Fyi, 1.I have mentioned header of html file utf82.server.xml mentioned

URIEncoding="UTF-8"

3.server side mentioned,

request.setCharacterEncoding("utf-8");

Please note I don't want any encoding and I just want to get the data which I sent.

Thanks in advance.

I am showing PDF files in browser and facing some issue with the urls.

2B%2bSewer%2cWater%2ctestdra-ghjguson-COB%2bReview+(6).pdf

The above link is working its from aws but when i am doing Url encoidng of below file name

2B+Sewer,Water,testdra-ghjguson-COB+Review+(6).pdf

the name becomes

2B%2bSewer%2cWater%2ctestdra-ghjguson-COB%2bReview%2b(6).pdf

which is not working.

Any one faced this issue before why this last + sign in the url need not to be encoded.