?
Solved

W3C compliance and & in my URL

Posted on 2014-03-11
19
Medium Priority
?
426 Views
Last Modified: 2014-03-22
I have site that has been created using Coldfusion. I pass parameters in the URL so my URLs contain '&'.  When I use the W3C validator tool I get many warnings because of the & in the URL.  What should I be doing differently so that I do not get the warnings?
0
Comment
Question by:WestCoast_BC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 4
  • +2
19 Comments
 
LVL 52

Expert Comment

by:_agx_
ID: 39920919
(Edit)

The "&" has a special meaning. It's is reserved for separating parameters in the query string. If you're using it any other way, the & should be properly url encoded. Use URLEncodedFormat():

<!--- notice only the & in the value is encoded --->
<cfoutput>
   <a href="test.cfm?param=#URLEncodedFormat('foo & bar')#&param2=aaaa">Test</a>
</cfoutput>
0
 

Author Comment

by:WestCoast_BC
ID: 39920964
I am using the & to separate parameters in the query string.  For example, the following gives me warnings and errors in the validator:

<a class="transition" title="Home" href="index.cfm?page_id=24&menu_id=1&Label=About Us" >...</a>

The errors/warnings are:

An entity reference was found in the document, but there is no reference by that name defined. Often this is caused by misspelling the reference name, unencoded ampersands, or by leaving off the trailing semicolon (;). The most common cause of this error is unencoded ampersands in URLs as described by the WDG in "Ampersands in URLs".
This is usually a cascading error caused by a an undefined entity reference or use of an unencoded ampersand (&) in an URL or body text. See the previous message for further details.
If you meant to include an entity that starts with "&", then you should terminate it with ";". Another reason for this error message is that you inadvertently created an entity by failing to escape an "&" character just before this text.
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 1332 total points
ID: 39921018
Hm.. they're saying it errors because the validator assumes the &  is an entity like "&copy" and that instead of:

      <a href="foo.cgi?chapter=1&section=2&copy=3&lang=en">...</a>

it should be written as:

<a href="foo.cgi?chapter=1&amp;section=2&amp;copy=3&amp;lang=en">...</a>

I can't try it out at the moment, but .. that's what the validator is expecting.
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 
LVL 4

Expert Comment

by:Rodrigo Munera
ID: 39921135
(no points)

Yes, _agx_ is correct, you should encode your links in your anchor <a> tags correctly escaping the ampersands, <a href="foo.cgi?chapter=1&amp;section=2&amp;copy=3&amp;lang=en">...</a>.

The browser will properly interpret the escaped ampersands once you click on the link and the URL will look like foo.cgi?chapter=1&section=2&copy=3&lang=en

I now do this in all my coding to stay compliant.
0
 

Author Comment

by:WestCoast_BC
ID: 39921157
OK, thank you.

Is there a coldfusion or javascript function that will convert a string with & to &amp;?
0
 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39921192
Did you try the solution you were first given? http:#a39920919
0
 

Author Comment

by:WestCoast_BC
ID: 39921217
The solution does work.

The reason why I am asking is that I have some URLs that are dynamically created based on a URL provided by a user.  If the user copies a URL from a different site and pastes it into my sight it may contain &.
0
 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 39921252
What happens when you URLEncode that dynamic data?

no points
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 1332 total points
ID: 39921262
(Edit) You could always parse the url string. URLDecode it then split it on the ? character to separate the base url and url params:

         <cfset parsedURL = URLDecode(theString)>
         <cfset baseURL = getToken(parsedURL, 1, "?")>
         <cfset queryString = getToken(parsedURL, 2, "?")>

Finally, URL encode the query string and put it back together.  I think that would work
 
          <cfset newURL = baseURL>
          <cfif len(queryString)>
               <cfset newURL = listAppend(newURL , URLEncodedFormat(queryString), "?")>
          </cfif>

Reason for URL decoding first is to ensure you don't end up double encoding stuff...
0
 
LVL 4

Expert Comment

by:Rodrigo Munera
ID: 39921276
You can change your encoding using jquery but it won't validate on the w3c checker since it doesn't run client code when validating.

I'm not sure that URLEncodedFormat will escape your ampersands because if you were to use it on the server side and cflocation to encode it, it would pass the encoded ampersand as part of the URI.  and treat "amp;" as part of the query variable, which would cause undesirable behavior.
0
 

Author Comment

by:WestCoast_BC
ID: 39921299
You can change your encoding using jquery but it won't validate on the w3c checker since it doesn't run client code when validating.

I'm not sure that URLEncodedFormat will escape your ampersands because if you were to use it on the server side and cflocation to encode it, it would pass the encoded ampersand as part of the URI.  and treat "amp;" as part of the query variable, which would cause undesirable behavior.

I am running into this problem if I try to URLEncode the URL when I use CFLocation
0
 
LVL 4

Expert Comment

by:Rodrigo Munera
ID: 39921318
Yeah, when using cflocation you should not escape the ampersand.
0
 

Author Comment

by:WestCoast_BC
ID: 39921323
I guess I can use ReReplace to replace all & with &amp; in my  URLs
0
 
LVL 4

Expert Comment

by:Rodrigo Munera
ID: 39921343
Yeah, make sure you're not replacing already-escaped ampersands. You don't want a URI

?variable=value&var2=2&amp;var3=3

Open in new window


looking like

?variable=value&amp;var2=2&&amp;var3=3

Open in new window

0
 
LVL 52

Expert Comment

by:_agx_
ID: 39921397
> I am running into this problem if I try to URLEncode the URL when I use CFLocation

Well the original issue doesn't really apply to CFLocation. The WC validator is checking what's in the generated HTML.  CFlocation is server side, so it should be a moot point.  

Sounds like you should store the URL's un-encoded, and do the encoding only when and/if you're embedding those url's in the generated html (not to be confused with raw CFML code)
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39921457
changing & to &amp; is not urlencode.  An url encode & is converted to %26 which is correctly interpreted by virtually every browser and server that exists, and it is 100% W3C compliant.

Cd&
0
 

Author Comment

by:WestCoast_BC
ID: 39921463
So I should convert by & to %26 instead?
0
 
LVL 53

Accepted Solution

by:
COBOLdinosaur earned 668 total points
ID: 39921500
Yes the % indicate that the value following it is a Hex number representing the ordinal position of the character in the ASCII collating sequence.  You do the same thing with spaces by replacing them with %20

Cd&
0
 
LVL 52

Expert Comment

by:_agx_
ID: 39921536
> changing & to &amp; is not urlencode

Gah... you're right.  Too little sleep and my brain is using url <=> html encoding interchangeably (they're not).  

Time for me to pack it in and switch to single threaded mode ...zzz
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
This video teaches users how to migrate an existing Wordpress website to a new domain.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question