应该使用哪个EncodeFor location()?
如果我想通过位置推送一些数据,它应该是什么样?
If I want to push some data via location, what should it look like?
location("obtainBDK.cfm?message=#ErrorMessage#", false); // nothingOR
location("obtainBDK.cfm?message=#EncodeForHTMLAttribute(ErrorMessage)#", false);OR
location("obtainBDK.cfm?message=#EncodeForURL(ErrorMessage)#", false);或
还有什么?
推荐答案cflocation/location设置Location HTTP标头.浏览器读取此值,并通过HTTP GET请求提及的资源.所述URI应该被编码.
cflocation/location sets the Location HTTP header. The browser reads this value and requests the mentioned resource via HTTP GET. Said URI should be encoded.
现在唯一需要编码的URI部分是查询字符串,该字符串以问号?开头.每个键值对均由编码键,等号=和编码值组成.多对用&符号定界..
Now the only URI part that requires encoding is the query string, which starts with a question mark ?. Each key-value-pair consist of the encoded key, an equal-sign = and the encoded value. Multiple pairs are delimited by an ampersand &.
根据 RFC 1738 :
因此,只有字母数字,特殊字符"$ -_.+!*'()"以及用于保留目的的保留字符可以在URL中未经编码地使用.
Thus, only alphanumerics, the special characters "$-_.+!*'(),", and reserved characters used for their reserved purposes may be used unencoded within a URL.
保留字符示例
未编码的URI: example/path?&=&&===&?
Reserved Characters Example
Unencoded URI: example/path?&=&&===&?
预期的键值对:
- "&": "&" - "=": "=" - "?": ""但是,正确的解析器只能看到空键和空值.我们需要对键和值进行编码,以免将其用于技术目的.
However, a proper parser would only see empty keys and values. We need to encode keys and values so they are not treated for their technical purpose.
编码的URI: example/path?%26=%26&%3D=%3D&%3F&%20=%20!
现在,根据 RFC 3986 并且不能被解析器弄错.
Now all characters in key and value are percent-encoded according to RFC 3986 and cannot be mistaken by the parser.
kvps = []; key = "message"; val = ErrorMessage; kvps.append( urlEncodedFormat(key) & "=" & urlEncodedFormat(val) ); targetUrl = "btainBDK.cfm?" & arrayToList(kvps, "&"); location(targetUrl, false);urlEncodedFormat与encodeForUrl
- urlEncodedFormat将空格编码为%20(百分比编码)
- encodeForUrl将空格编码为+( application/x-www-form-urlencoded )
- urlEncodedFormat encodes a space as %20 (percent-encoded)
- encodeForUrl encodes a space as + (application/x-www-form-urlencoded)
urlEncodedFormat vs. encodeForUrl
尽管...
Adobe建议您使用EncodeForURL函数,而不是URLEncodedFormat函数,以转义字符串中的特殊字符以在所有新应用程序的URL中使用.
我遇到的问题是,不能正确地区分+是空格还是实际加号,尤其是在上下文更改时(CF<-> JS).因此,不管Adobe对此有何看法,我都会推荐urlEncodedFormat.
I encountered issues where + could not be properly distinguished between being a space or an actual plus sign, especially when the context changes (CF <-> JS). So I would recommend urlEncodedFormat regardless of Adobe's opinion about it.
更多推荐
应该使用哪个EncodeFor进行定位?
发布评论