Hi.
In my opinion, it is a *very* bad idea to use the user's input to create
a filename on your system, even if you filter out some characters. You
will always forget something, and some malignant user will always find a
way to make your application write to "../../../../etc/passwd" or " >
/
For safety's sake, I generally restrict URLs to numbers, letters,
underscores, and dashes. Remove apostrophes and quotes, replace any
other characters with underscores, and compress consecutive
underscores. Lowercasing everything is not a bad idea either.
So http://test.com/Testfile_"Test's
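The character rules from the post above, combined with the path-traversal concern raised in the first post, as an added Python example that is not part of the original thread. The function names, the `.html` extension, the length limit, and the sample titles are assumptions made for illustration.

```python
import os
import re

def slugify(title, max_len=80):
    """Reduce a user-supplied title to [a-z0-9_-] using the post's rules."""
    s = title.lower()                      # lowercase everything
    s = re.sub(r"['\"]", "", s)            # remove apostrophes and quotes
    s = re.sub(r"[^a-z0-9_-]", "_", s)     # any other character -> underscore
    s = re.sub(r"_+", "_", s)              # compress consecutive underscores
    s = s[:max_len].strip("_-")            # bound length, trim separators
    if not s:
        raise ValueError("title contains no usable characters")
    return s

def safe_path(base_dir, title, ext=".html"):
    """Build a path under base_dir and verify it cannot resolve outside it."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, slugify(title) + ext))
    # Defence in depth: the slug has no "/" or ".", but check containment anyway
    # (this also catches a symlink inside base_dir that points elsewhere).
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes the base directory")
    return candidate

if __name__ == "__main__":
    # Constructed sample titles, including the two strings quoted in the thread.
    for t in ['Testfile_"Test\'s"', "../../../../etc/passwd", "Hello,   World!"]:
        print(repr(t), "->", slugify(t))
```

Different titles can reduce to the same slug, so the caller still has to handle name collisions before writing the file.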
I'm using the latest Firefox on Linux. I am building a web application
where these URLs are created dynamically based on a user's input in a
"title" field. I am filtering their input and encoding it; I guess it
would be best to just delete them with the filter. Is there a list of
all these chara
Sounds like a browser issue. My browser (Safari) doesn't do that. Are
you using Internet Explorer? Try another browser.
Also, it's bad practice to have non-URL-safe characters in the URL,
encoded or not.
On 14-Nov-08, at 11:16 AM, Rick Bragg wrote:
Hi,
I have a problem with file name enc
Hi,
I have a problem with file name encodings in URLs, and I don't know if
it is a browser or a server issue.
I have a file like this:
http://test.com/Testfile_%22Test%27s%22.html
but when I try to browse to it, it gets re-written to the following and
causes a 404.
http://test.com/Testfile_"Te