Solved

W3C compliance and & in my URL

Posted on 2014-03-11
19
413 Views
Last Modified: 2014-03-22
I have site that has been created using Coldfusion. I pass parameters in the URL so my URLs contain '&'.  When I use the W3C validator tool I get many warnings because of the & in the URL.  What should I be doing differently so that I do not get the warnings?
0
Comment
Question by:WestCoast_BC
  • 6
  • 5
  • 4
  • +2
19 Comments
 
LVL 52

Expert Comment

by:_agx_
ID: 39920919
(Edit)

The "&" has a special meaning. It's is reserved for separating parameters in the query string. If you're using it any other way, the & should be properly url encoded. Use URLEncodedFormat():

<!--- notice only the & in the value is encoded --->
<cfoutput>
   <a href="test.cfm?param=#URLEncodedFormat('foo & bar')#&param2=aaaa">Test</a>
</cfoutput>
0
 

Author Comment

by:WestCoast_BC
ID: 39920964
I am using the & to separate parameters in the query string.  For example, the following gives me warnings and errors in the validator:

<a class="transition" title="Home" href="index.cfm?page_id=24&menu_id=1&Label=About Us" >...</a>

The errors/warnings are:

An entity reference was found in the document, but there is no reference by that name defined. Often this is caused by misspelling the reference name, unencoded ampersands, or by leaving off the trailing semicolon (;). The most common cause of this error is unencoded ampersands in URLs as described by the WDG in "Ampersands in URLs".
This is usually a cascading error caused by a an undefined entity reference or use of an unencoded ampersand (&) in an URL or body text. See the previous message for further details.
If you meant to include an entity that starts with "&", then you should terminate it with ";". Another reason for this error message is that you inadvertently created an entity by failing to escape an "&" character just before this text.
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 333 total points
ID: 39921018
Hm.. they're saying it errors because the validator assumes the & is an entity like "&copy" and that instead of:

      <a href="foo.cgi?chapter=1&section=2&copy=3&lang=en">...</a>

it should be written as:

<a href="foo.cgi?chapter=1&amp;section=2&amp;copy=3&amp;lang=en">...</a>

I can't try it out at the moment, but .. that's what the validator is expecting.
0
 
LVL 4

Expert Comment

by:Rodrigo Munera
ID: 39921135
(no points)

Yes, _agx_ is correct, you should encode your links in your anchor <a> tags correctly escaping the ampersands, <a href="foo.cgi?chapter=1&amp;section=2&amp;copy=3&amp;lang=en">...</a>.

The browser will properly interpret the escaped ampersands once you click on the link and the URL will look like foo.cgi?chapter=1&section=2&copy=3&lang=en

I now do this in all my coding to stay compliant.
0
 

Author Comment

by:WestCoast_BC
ID: 39921157
OK, thank you.

Is there a coldfusion or javascript function that will convert a string with & to &amp;?
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39921192
Did you try the solution you were first given? http:#a39920919
0
 

Author Comment

by:WestCoast_BC
ID: 39921217
The solution does work.

The reason why I am asking is that I have some URLs that are dynamically created based on a URL provided by a user.  If the user copies a URL from a different site and pastes it into my sight it may contain &.
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39921252
What happens when you URLEncode that dynamic data?

no points
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 333 total points
ID: 39921262
(Edit) You could always parse the url string. URLDecode it then split it on the ? character to separate the base url and url params:

         <cfset parsedURL = URLDecode(theString)>
         <cfset baseURL = getToken(parsedURL, 1, "?")>
         <cfset queryString = getToken(parsedURL, 2, "?")>

Finally, URL encode the query string and put it back together.  I think that would work
 
          <cfset newURL = baseURL>
          <cfif len(queryString)>
               <cfset newURL = listAppend(newURL , URLEncodedFormat(queryString), "?")>
          </cfif>

Reason for URL decoding first is to ensure you don't end up double encoding stuff...
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 4

Expert Comment

by:Rodrigo Munera
ID: 39921276
You can change your encoding using jquery but it won't validate on the w3c checker since it doesn't run client code when validating.

I'm not sure that URLEncodedFormat will escape your ampersands because if you were to use it on the server side and cflocation to encode it, it would pass the encoded ampersand as part of the URI.  and treat "amp;" as part of the query variable, which would cause undesirable behavior.
0
 

Author Comment

by:WestCoast_BC
ID: 39921299
You can change your encoding using jquery but it won't validate on the w3c checker since it doesn't run client code when validating.

I'm not sure that URLEncodedFormat will escape your ampersands because if you were to use it on the server side and cflocation to encode it, it would pass the encoded ampersand as part of the URI.  and treat "amp;" as part of the query variable, which would cause undesirable behavior.

I am running into this problem if I try to URLEncode the URL when I use CFLocation
0
 
LVL 4

Expert Comment

by:Rodrigo Munera
ID: 39921318
Yeah, when using cflocation you should not escape the ampersand.
0
 

Author Comment

by:WestCoast_BC
ID: 39921323
I guess I can use ReReplace to replace all & with &amp; in my  URLs
0
 
LVL 4

Expert Comment

by:Rodrigo Munera
ID: 39921343
Yeah, make sure you're not replacing already-escaped ampersands. You don't want a URI

?variable=value&var2=2&amp;var3=3

Open in new window


looking like

?variable=value&amp;var2=2&&amp;var3=3

Open in new window

0
 
LVL 52

Expert Comment

by:_agx_
ID: 39921397
> I am running into this problem if I try to URLEncode the URL when I use CFLocation

Well the original issue doesn't really apply to CFLocation. The WC validator is checking what's in the generated HTML.  CFlocation is server side, so it should be a moot point.  

Sounds like you should store the URL's un-encoded, and do the encoding only when and/if you're embedding those url's in the generated html (not to be confused with raw CFML code)
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39921457
changing & to &amp; is not urlencode.  An url encode & is converted to %26 which is correctly interpreted by virtually every browser and server that exists, and it is 100% W3C compliant.

Cd&
0
 

Author Comment

by:WestCoast_BC
ID: 39921463
So I should convert by & to %26 instead?
0
 
LVL 53

Accepted Solution

by:
COBOLdinosaur earned 167 total points
ID: 39921500
Yes the % indicate that the value following it is a Hex number representing the ordinal position of the character in the ASCII collating sequence.  You do the same thing with spaces by replacing them with %20

Cd&
0
 
LVL 52

Expert Comment

by:_agx_
ID: 39921536
> changing & to &amp; is not urlencode

Gah... you're right.  Too little sleep and my brain is using url <=> html encoding interchangeably (they're not).  

Time for me to pack it in and switch to single threaded mode ...zzz
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
The viewer will learn how to dynamically set the form action using jQuery.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now