data:text/html;base64,77u/data:text/html;base64,77u/PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ImVuLVVTIiBjbGFzcz0ia
I saw a url as the one above.
what is it called ?
how do i encrypt a url to be like that ?
It's called base64 encoding; what's encoded in your example is not a web address, but actual HTML content itself.
Note that it's trivially easy to decode for anyone. Base64 is not suitable for "encrypting" resources. You can not hide content or URLs from your visitors this way.
Using this makes sense only in a very limited set of situations, like when you want to reduce the number of HTTP requests and store multiple resources inside one HTML page.
If you still want to use it - there are online base64 encoders and decoders like this one. You'd use what you have above and replace everything after base64,.
Related
I want to use the Microsoft AntiXss library for my project. When I use the Microsoft.Security.Application.Encoder.HtmlEncode(str) function to safely show some value in my web page, it encodes Farsi characters which I consider to be safe. For instance, it converts لیست to لیست. Am I using the wrong function? How should I be able to print the user input in my page safely?
I'm currently using it like this:
<h2>#Encoder.HtmlEncode(ViewBag.UserInput)</h2>
I think I messed up! Razor view encodes the values unless you use #Html.Raw right? Well, I encoded the string and it encoded it again. So in the end it just got encoded twice and hence, the weird looking chars (Unicode values)!
If your encoding (lets assume that it's Unicode by default) supports Farsi it's safe to use Farsi, without any additional effort, in ASP.NET MVC almost always.
First of all, escape-on-input is just wrong - you've taken some input and applied some transformation that is totally irrelevant to that data. It's generally wrong to encode your data immediately after you receive it from the user. You should store the data in pure view to your database and encode it only when you display it to the user and according to the possible vulnerabilities for the current system. For example the 'dangerous' html characters are not 'dangerous' for SQL or android etc. and that's one of the main reasons why you shouldn't encode the data when you store it in the server. And one more reason - when you html encode the string you got 6-7 times more characters for your string. This can be a problem with server constraints for strings length. When you store the data to the sql server you should escape, validate, sanitize your data only for it and prevent only its vulnerabilities (like sql injection).
Now for ASP.NET MVC and razor you don't need to html encode your strings because it's done by default unless you use Html.Raw() but generally you should avoid it (or html encode when you use it). Also if you double encode your data you'll result in corrupted output :)
I Hope this will help to clear your mind.
I'm trying to create an Application, which is able to upload an image to https://www.google.de/searchbyimage/upload. I got that working (Posting multipart/form-data via C#)
The only thing I now need to know is:
How is the image sent by the browser usually? In the multipart/form-data I found something called "image_content" in a sniffed request, what stores the image data.
But I don't know which format the image is stored.
------WebKitFormBoundaryumAjUbPr6ymfh8hM
Content-Disposition: form-data; name="image_content"
_9j_4AAQSkZJRgABAgAAAQABAAD__gAEKgD_4gv4SUNDX1BST0ZJTEUAAQEAAAvoAAAAAAIAAABtbnRyUkdCIFhZWiAH2QADABsAFQAkAB9hY3NwAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAA9tYAAQAAAADTLQAAAAAp-D3er_JVrnhC-uTKgzkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBkZXNjAAABRAAAAHliWFlaAAABwAAAABRiVFJDAAAB1AAACAxkbWRkAAAJ4AAAAIhnWFlaAAAKaAAAABRnVFJDAAAB1AAACAxsdW1pAAAKfAAAABRtZWFzAAAKkAAAACRia3B0AAAKtAAAABRyWFlaAAAKyAAAABRyVFJDAAAB1AAACAx0ZWNoAAAK3AAAAAx2dWVkAAAK6AAAAId3dHB0AAALcAAAABRjcHJ0AAALhAAAADdjaGFkAAALvAAAACxkZXNjAAAAAAAAAB9zUkdCIElFQzYxOTY2LTItMSBibGFjayBzY2FsZWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFlaIAAAAAAAACSgAAAPhAAAts9jdXJ2AAAAAAAABAAAAAAFAAoADwAUABkAHgAjACgALQAyADcAOwBAAEUASgBPAFQAWQBeAGMAaABtAHIAdwB8AIEAhgCLAJAAlQCaAJ8ApACpAK4AsgC3ALwAwQDGAMsA0ADVANsA4ADlAOsA8AD2APsBAQEHAQ0BEwEZAR8BJQErATIBOAE-AUUBTAFSAVkBYAFnAW4BdQF8AYMBiwGSAZoBoQGpAbEBuQHBAckB0QHZAeEB6QHyAfoCAwIMAhQCHQImAi8COAJBAksCVAJdAmcCcQJ6AoQCjgKYAqICrAK2AsECywLVAuAC6wL1AwADCwMWAyEDLQM4A0MDTwNaA2YDcgN-A4oDlgOiA64DugPHA9MD4APsA_kEBgQTBCAELQQ7BEgEVQRjBHEEfgSMBJoEqAS2BMQE0wThBPAE_gUNBRwFKwU6BUkFWAVnBXcFhgWWBaYFtQXFBdUF5QX2BgYGFgYnBjcGSAZZBmoGewaMBp0GrwbABtEG4wb1BwcHGQcrBz0HTwdhB3QHhgeZB6wHvwfSB-UH-AgLCB8IMghGCFoIbgiCCJYIqgi-CNII5wj7CRAJJQk6CU8JZAl5CY8JpAm6Cc8J5Qn7ChEKJwo9ClQKagqBCpgKrgrFCtwK8wsLCyILOQtRC2kLgAuYC7ALyAvhC_kMEgwqDEMMXAx1DI4MpwzADNkM8w0NDSYNQA1aDXQNjg2pDcMN3g34DhMOLg5JDmQOfw6bDrYO0g7uDwkPJQ9BD14Peg-WD7MPzw_sEAkQJhBDEGEQfhCbELkQ1xD1ERMRMRFPEW0RjBGqEckR6BIHEiYSRRJkEoQSoxLDEuMTAxMjE0MTYxODE6QTxRPlFAYUJxRJFGoUixStFM4U8BUSFTQVVhV4FZsVvRXgFgMWJhZJFmwWjxayFtYW-hcdF0EXZReJF64X0hf3GBsYQBhlGIoYrxjVGPoZIBlFGWsZkRm3Gd0aBBoqGlEadxqeGsUa7BsUGzsbYxuKG7Ib2hwCHCocUhx7HKMczBz1HR4dRx1wHZkdwx3sHhYeQB5qHpQevh7pHxMfPh9pH5Qfvx_qIBUgQSBsIJggxCDwIRwhSCF1IaEhziH7IiciVSKCIq8i3SMKIzgjZiOUI8Ij8CQfJE0kfCSrJNolCSU4JWgllyXHJfcmJyZXJocmtyboJxgnSSd6J6sn3CgNKD8ocSiiKNQpBik4KWspnSnQKgIqNSpoKpsqzysCKzYraSudK9EsBSw5LG4soizXLQwtQS12Last4S4WLkwugi63Lu4vJC9aL5Evxy_-MDUwbDCkMNsxEjFKMYIxujHyMioyYzKbMtQzDTNGM38zuDPxNCs0ZTSeNNg1EzVNNYc1wjX9Njc2cjauNuk3JDdgN5w31zgUOFA4jDjIOQU5Qjl_Obw5-To2OnQ6sjrvOy07azuqO-g8JzxlPKQ84z0iPWE9oT3gPiA-YD6gPuA_IT9hP6I_4kAjQGRApkDnQSlBakGsQe5CMEJyQrVC90M6Q31DwEQDREdEikTORRJFVUWaRd5GIkZnRqtG8Ec1R3tHwEgFSEtIkUjXSR1JY0mpSfBKN0p9SsRLDEtTS5pL4kwqTHJMuk0CTUpNk03cTiVObk63TwBPSU-TT91QJ1BxULtRBlFQUZtR5lIxUnxSx1MTU19TqlP2VEJUj1TbVShVdVXCVg9WXFapVvdXRFeSV-BYL1h9WMtZGllpWbhaB1pWWqZa9VtFW5Vb5Vw1XIZc1l0nXXhdyV4aXmxevV8PX2Ffs2AFYFdgqmD8YU9homH1YklinGLwY0Njl2PrZEBklGTpZT1lkmXnZj1mkmboZz1nk2fpaD9olmjsaUNpmmnxakhqn2r3a09rp2v_bFdsr20IbWBtuW4SbmtuxG8eb3hv0XArcIZw4HE6cZVx8HJLcqZzAXNdc7h0FHRwdMx1KHWFdeF2Pnabdvh3VnezeBF4bnjMeSp5iXnnekZ6pXsEe2N7wnwhfIF84X1BfaF-AX5ifsJ_I3-Ef-WAR4CogQqBa4HNgjCCkoL0g1eDuoQdhICE44VHhauGDoZyhteHO4efiASIaYjOiTOJmYn-imSKyoswi5aL_IxjjMqNMY2Yjf-OZo7OjzaPnpAGkG6Q1pE_kaiSEZJ6kuOTTZO2lCCUipT0lV-VyZY0lp-XCpd1l-CYTJi4mSSZkJn8mmia1ZtCm6-cHJyJnPedZJ3SnkCerp8dn4uf-qBpoNihR6G2oiailqMGo3aj5qRWpMelOKWpphqmi6b9p26n4KhSqMSpN6mpqhyqj6sCq3Wr6axcrNCtRK24ri2uoa8Wr4uwALB1sOqxYLHWskuywrM4s660JbSctRO1irYBtnm28Ldot-C4WbjRuUq5wro7urW7LrunvCG8m70VvY--Cr6Evv-_er_1wHDA7MFnwePCX8Lbw1jD1MRRxM7FS8XIxkbGw8dBx7_IPci8yTrJuco4yrfLNsu2zDXMtc01zbXONs62zzfPuNA50LrRPNG-0j_SwdNE08bUSdTL1U7V0dZV1tjXXNfg2GTY6Nls2fHadtr724DcBdyK3RDdlt4c3qLfKd-v4DbgveFE4cziU-Lb42Pj6-Rz5PzlhOYN5pbnH-ep6DLovOlG6dDqW-rl63Dr--yG7RHtnO4o7rTvQO_M8Fjw5fFy8f_yjPMZ86f0NPTC9VD13vZt9vv3ivgZ-Kj5OPnH-lf65_t3_Af8mP0p_br-S_7c_23__2Rlc2MAAAAAAAAALklFQyA2MTk2Ni0yLTEgRGVmYXVsdCBSR0IgQ29sb3VyIFNwYWNlIC0gc1JHQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYWVogAAAAAAAAYpkAALeFAAAY2lhZWiAAAAAAAAAAAABQAAAAAAAAbWVhcwAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWFlaIAAAAAAAAAMWAAADMwAAAqRYWVogAAAAAAAAb6IAADj1AAADkHNpZyAAAAAAQ1JUIGRlc2MAAAAAAAAALVJlZmVyZW5jZSBWaWV3aW5nIENvbmRpdGlvbiBpbiBJRUMgNjE5NjYtMi0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYWVogAAAAAAAA9tYAAQAAAADTLXRleHQAAAAAQ29weXJpZ2h0IEludGVybmF0aW9uYWwgQ29sb3IgQ29uc29ydGl1bSwgMjAwOQAAc2YzMgAAAAAAAQxEAAAF3___8yYAAAeUAAD9j___-6H___2iAAAD2wAAwHX_2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL_2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL_wgARCADvALQDACIAAREBAhEB_8QAGwAAAQUBAQAAAAAAAAAAAAAAAAIEBQYHAQP_xAAUAQEAAAAAAAAAAAAAAAAAAAAA_8QAFAEBAAAAAAAAAAAAAAAAAAAAAP_aAAwDAAABEQIRAAABv42oZooyrJczP5AuBS_EvRTEF2K2yLiUe2jtNHcHlVJicKbb4uim-qpd0AATmlijhdgot4IOepF-KD7e_iSzE9C2edfSS0lTZ4g5eMCtu_eXPPOr7QiW2jENwAA4dDh0OHeAdDnQOHQ4dDlGvTUygdVkl4ZdsHWjePqdAAAAAgZpkZqx2GOMvLXWTyItJLkQEv2HCY84sJX0hgmrxlrk3UaOzoABwjKHbmI5s8ZJgAMa3cgyiu7z5GCms0AhQAADvAmHtfWbuAAAAAAAcOiVAAFZsyDAx6yAAAD1WhZu4lkdbwfkXGCTFFycRvSRYumZULZX5smBo6OgGZU3T8wAAAD1WhZr1TkKsXJ3S34uXq_se8tF8LK1qsEatFRcIam8zPQR4AQWU6LlxLOYALS6pgX5VFWTcHtWUjTx3OnGfr0C3mE-lxsBmLbeMoIXm0NzF9Yo2tgAZ7QrVVQAAA9VoWbvie2ZKWmJcepC2OnXErb5m5Jqj3eil3YyEIc07PdCDnUGMxPp5gAAB6rQs3fPNDqYWfF3wrXMLli1OKF02nICIN0pNYYF4u1WtIRknWTJgABRzklGnqtKzdmT0KzZFBUrZ0IlMwHKpbATXbIDF8AQ8wFFL0FFeW4K9DXoKR27AAAcjyQ7FLJHsZ0kiJcj0IwkF1KXJYiXA-GboUAAAAAAcYSDE8loWJ7xQh-0QSVUscaR3q_9SFevujaUaeg8GXuewAAAAAAAAAAAAAAAAAAAAAAH_8QALhAAAgICAAQGAQMEAwAAAAAAAwQCBQABBhESFRATFBYgMTAiJTUhIzRQJDZA_9oACAEAAAEFAvz7x2_gPZLZ4mx27w9o3gz78TbJEJrmwXmsaLCzVk5Cyha2ZDJ2LbQK-xdbZPZ2Am7CxdTl6y5ypeK8Nt2zARawtGcOaK4IP2rEVrEz40mQles9KIrL8mkMon9mh4blrUV2FmHqE-aQjqyrv51NGKckW2FieoMxdcRf4YrBslmqqBXLL-NpP4hxf1Soj2dcOrOqwSS8ibKWduVD_reVxfJsPC5OaIKpQBxbkQFiw2QKa7TIHpnnFKmKYTLjDErS6KY-u6G6qXzdsWD55ar3mFg3MSyroWzSw0IMxMic4WGhxrQIyLGoxKG5u_Pl-Hllwd1M3eHs7y9k7Vwg8oE9yL_4ThGwJ2lOvvet63qO5bRoymkOERQ-dmFwsDFtl87k7nc3c7m7nc3s7o9ndHs7o9ndHs7o9ndXslYNTyNi3DO6vZ3Z7Kez21D4zlqEYuLk0IoziPWKMYfhzWHqnAZvXL8YDTXOseLC_wANk2bOa_OpiWMPEygGMNw8vPD0TYsIOYpfgWeZWH8GkCzYkJ2vmoIsYfKY4E0ajTLlijJBj5R-vz3i3no_KP1-Lq1r4y11abB6dr4x-vAjGozXd83JFHDLKw0EEDiJ4tS6FtwcMkkxNkPw4iD0OfGP1z5YVsIttRgRiMeubUqw5nK1YiQE1lsXcGzOU9RwsBmhGrLLac-WiMiETx4iH1JfGP1ZQiRLZN18KyEJwdFFZQxtBkrKcW7BiwYIiCVYV5_ScxWwmIKM-pDQG1JYiwik1428NTrNL7lmkd7yNXveapueaoo7zVAPlZ2y-t7sd8lrMShD3oWRd1hvQrgI2DXojileiIB2zC9nMG8XuwKgm2L1erqctqnGwDw4hn0o_GP1ZVxwHgKZZehbwgChyCxyR9E1hAlDkVTkj6JrJjmKWlWJR2qxrIRlOVMqRVLw4kn-v4x-mh-arUk8qzziKPNLh2fNDOJful3-15f7_c19clrCXRX0ceq08b-fVZfGP1htelsfcSuWNuu6nU2Q0Ne41ctrET-q64Aon7jVyxZi25DiBWMHrsDKXDseb3jZE8yx-MfrLwfRaJ0izSbFCAS1WoN1r26tltWCQHWVIXU_bi2PLxWe9urZaVQEVeGo_r8Jb5RnLrJ8Y_WcSD_ucPk6q8muoVPvy7bOJP8AF4f3-3ZY_qus4kl_Y4bj_wAXwsJ-XX_KP1nEA-qvXdYVj3iwyBSDN3iwxh5pqC77S0O8WOSKSZu8WGMuMNZQR5VnhfT6Kzx1r-risky5H6xpfTSyNPpE_LWHo4Gb5Y-jF4CCGkRctZujht3lrH6iL5k1tJq-Fgh68ftqGe2oZ7ahitCJdiwqYPz9tQzXDkNf6SUtR_NOJfN35_Pkzm_Ub3Hz9x5s8h-d14d0YNslmZITw5k2_DzJsxGWDGp5rfPX4JDnsvQfl0GzUDc4wLGERn1kefTjXUs1NaXoOkzLRBl0w5CZ5jjLZoa5R_BIUtz2E24aEXIhNqGhF5xGbW5BLucIyjh1mCSguQAOhjl0MZ0H59DPKUS7zpNrQ-ro_wBj_8QAFBEBAAAAAAAAAAAAAAAAAAAAcP_aAAgBAhEBPwE0_8QAFBEBAAAAAAAAAAAAAAAAAAAAcP_aAAgBAREBPwE0_8QAPRAAAgECAgUICQMEAQUAAAAAAQIDABEEEhMhMUFRECAiMjM0UmEUIzBicXKBkZJAQkMFscHwUIKT0eHx_9oACAEAAAY_Av0BTDDOfGdlduw-XVXbFvm10I5wI33HceY5iXM4GoVklgjVrXtao5l2MKfC4aJHtb-1PEmGjMidYcKxJ0SGWLqqKytCmjBs5G6tB6Ol2PQHGlOgQRkDWdeuu5r_AL9akaRVBU21VKVwy6FdjeVI64VDEx200r7FFaaDDpotw41ik9HUsq6kO-hBiMFhlv0dSb6zDCwF2NlBSsTK-Cw6KEOV1XfyHDSm7p1T5cpJ2CsTiMXIFDDKgPCpcLmvlOZDRxmc5itstY76_wB6mKuW0jX17qxGhw2lu-vyrCNNDoiN1R_PWGjdTCuzJxphCtrm511iPkqH6_3NPDe2YUInwuljXYRUrxRaOY9cGsbMl80Ml_pemdhZIYST8bf-am-DckLDxW5dDFCzaQa2G6ss-Bsyfvb91LNh8C8YTVl40ky4ZnZtqcKnxPoUh0v7eFacQsXy30e-nRsM-WVr5vDSTjCSepNreKkhXDSW1Nm_xSsf6WSy7GP_AMrFSSI6Zzm6VT4VcE9urnqLDegyEA9b60RFmJzDq0I58G5kA28axP8AUZICCy9GMb6lzYJ2XENrHCngwuFeQTqQWvsrFQPCyZUJzHfyQKPGP0QeOUiF_LYa7c_au3P2FFGmJUix1chxTDorqX4_ojHIt1NFogZY_LaK16qsAT8KD4gGOPhvNBEFlGwewT0SXKRtF7Xr1rzr513mT713mT713mT713mT713mT713mT713l67y9d5eu8vXSlv8RXRly_AV3l67w1aKU-uXf4hzizGwG01dJkYbNRrPGwdDXThF-K6qvBN9HrpQlhxTX7RZUPSWklTYw5uJjADZOiFO_VTl4THMRk0MN75r7acSOwtq0bLbLzPWxK30r1TtGfvV0AlHu1ldGU8CPY5IpLLe_N9Iw0-hkIs3A0hhT0kMDn-bjTPP2shuwG7y59nQMPMV0VMZ92sl8ykXB_Tlx1oul9N_wCi280g7DUkXhPsdGozPa9r7K6UZS5sDxrpuq_E0rQSxls4B131VaORWI4HlkOfJ0dTUmMaYNo-kqHy-FaR4snDXt5qSj96-ws724-VEBM8khzC37ksKZUJi9YLRXvRXElS8eraaSTAwXLMNl9lEwxBCRrqVY9YjNs3HkyzRXXzqWPTsmGvdBfMDXo4Ok0Iys_-KSN2sz9UceYknhfnsjEi53UIpwskf8cy_wCanw7C6RynR_CnaA6ORiAX2mtGiR2y5GK_uoiLJomj0miQ79lDD6PRBtWUHb8aSOY5lkFgwOoHhS2jMkr6kUULy-jOrdJW13FTSR7AxCVJH_IHuaSR0DMuw8yUEgb9ddpEPi9d4w__AHK73hvzrvuH_Ku_RV30fj_7psNkZyNrK1spq3S-y3_tWZIGPkWoxy4O6_PXThLMAArXHRtTznDFpW35raqZHwhsffrQzYYyC2slttITC6Omxg1fy0sMeGbKPe20cRAJYGO5aAlklybwqgE0skXUPKq-J-fLJkLRE5s1ZY0LNwFd2l_GhpImS_iFZo4XZeIFd3l_GhpI2S-zMKDJC5U7wtd3l_GsroVPA1cQyEfLVzDJb5aCqCSdwq0upmbNbhywR-RPPlj8SmoTxNuSNuD06-F-TDn41F9eQ_KKiHuCpz7lR-QJ5hHhUewa38cmr712cv2FNEiSBrgi9SiVWOa1stdnL9hUWjVxlv1qWF0kJB3V2cv2FNMgIUjfSjRy6h5VJCiSBm4054JzJ2972DnxgNUU2eS7DXUkiO-ZVuKMUhI6Nxau0kqNo2Y5jbXWldnDXtqrtJKeBCSF412klCRGcsWtrrEN5AcpPCmbib-wgk8iKy-ByKZeItUY-I5Ifno_OeST5xyQr716mbi9uWdvcPsQ3gamED5b7dVdufxFCVTZwb3rtz-IoLPJmUG-yskMmVfhXbn8RWlY-sve9dsfxFLp3zZdmqgfE5PKw8TAc1Y32lQ3MeFjbNvrSiYtqtbLyNPpyt2zWy8giLZOle4FNGHz3N9Y5PSdOevny5eRZDMUsLWApIA2bLv5VQyFApvsrvLfjXeW_Gu8t-NJKZS-XdakcyFCotsrvLfjXeW_H_hOkQPbFlOrdrrL5V1h_v8AoonVq2far_YfWj8KGc9HkK6y_AVFJIFHT3UI7MpOy420VCO1jYkCljYEZth3U2o3XaD7K48td9ldfXbj5116BLX404zi-6utuNDN1t_IzDKRMLdLdUSR-sOa5tURaExiPaaJgjkRi3_SaijVdmtm3CpJSpAOoeydgdtqIz1rk1Xq2k2DVQ6W8Ut3vr10zB_hRzNe9NllGRv2sNlLHG2_pGrZ1rrrV842a6663rrV1hQzbf8Akv_EACoQAAIBAwIEBwEBAQEAAAAAAAERACExQVFhECBxwYGRobHR8PEw4UBQ_9oACAEAAAE_If7kAyShmAbiofYaxgLuAog0VNBEF4OjPyg4iivDlMzMMwVvAxKFWtDkecNJRIAith1ltIiPlBBUhQM1cz6kQ98V4VSXF9Zf2mMNReAwBFfaAOsgu0MnlLa9V4At2NKNHMzbwrMItSAZDzhgBLELIL3gwyRoaae0FlyAW8oeHWDAvCwQGY30-HEyaAyTiH0GENFT0EGAcWtQM9j4zQ-Ao0n5Ceu9mV_hU3U9YIzPMCcjCac4AFkVrK_utCS4GwFXgFdzqs9Q4XCP4A6HECmoWbdR8Q-48E5vpNJJe4z4UhAnS0L66Sj6tOBy7AtwaQcKk3D0aGBggv1RsTirOe0XUpBq4zSXUlkKi7qsMMgK7SA6WpMZbRDklVYdVSA-gFE6kbMRwd6YY8Ywlia5Jh4E2DEvdLvD0JAqIu1lvBK1ILk4pdgC_NSEDFSRtPaYjMBCEl4rfaOYQsbVpvBh4WBBscKrBPucVvFFvFFvwLeKLfgooouAdMKUHYh_znxPqHaL3iEqPKC812W5_wAfwJ_kM9fgzCQJDzBEoSWhEdkaA5fwNvsIH2KgYgPOTK1vmisOUbdTz57c5QhP25-3P2Z-jLpdIe0un0A4Z9cQyHQx9FY-UPEZkwJXtmwMBqAGLGNyH1j0lUntdxGp6JvpLAgg7_zUKKxC5X3Q5HIYw-TIC1dqqWKEioGvoPByliqTWdLvkFJvk1eceHThojPc1XyMTE8oH-AhSUagnXkMb0EoMIhQ7ANC57EPCKS0kYgOg59t7uEenVZU8oEGdKafPc6_8CeYn00r4Q35rnX-ThuAGK8oQJgREIfygdMc1zrxG7vEABqTALW44sFDoBQ2WIR2FAZHDZucAyuIS722Dj1lnOIRqq7He8p4Sa6l1G3KgFFHqOa51hG60TlqAPxK0TKkoMWR9R4SvXFAZNBt0CTp5zMgUBZxGXIAmTzuYZSQIEykzh4FtAFc2Gsfg90NHXaDPq8jWxwPWJqd24eOpXgAPVMAvjqJ6RH-c1zrFRqRv1p4OFkat-sjUFiXZV2NhmmGgQlVJhHTcqSBu9jU6xXgsHAKEZsfiVzulbgG0lVmSOn76wVVEJRC74UagAwYqa25oO8NM1Y8kHMNDOsLRMcVLdATQYIntAJjTqEwr97T43F-8MPvBbvoEAUaYC6GtRCDI13Nd4wEigdESHoUx0hchvLvaUVWWCx0pfWUGkoIDQgIneUSK9sYlAjAhO6goYKI5T37QkMsTkkTXk0iy1NLx-gMkBDz-Q6F3XjhM3QGo2PFbmofIA8xHLMCwqgNQATnSUks0sz9HB5YpRcDzNRsifvZVUaA5biYQQZ-tlMLtKMDDwGCCqIFIYAySUos2AGTDoRrTsA7cemOY3Oso9ZDqpXajPjw-87Bm5D6gcB8IPtHbSevBm0KbXB9JtuU-ypclXaDd-a514EByT0CiDJ9TeHqAgIVD1g7mZIFE32n1zvH_tZBlb7Q3ohYhV8Z9c7wfCAAvlhKC3yg8QoEQvebv_uOTQ5x5U5rnXgjBT0BdoYAmwBF7H1h9MgBIVICPsTWPpn7ojBYFIY6KIqT9UQlogAbqgHvKPfEEFAIMKdG-afxxZNgcORubzc1zrwQjcmPzNfADXuZv0-iP7J9E8AZNC9pSNOACOovbh1efkH-xWhPIP8AeNW7CHUhcq4XOvChNQnzpD4xMFAPvG_S9JRDrTM0fpbQpRABEI-EZ0QtAT2n0LtDp0rIXn1rtKidoCfSfaCp24_V7L7chSAAZNABL8VPG483wudeC8oUgtL9fIkc2o1KpLRMgQjEAFYwfmH8jXoU2BDsmnzhq82h5SkAOzmFBA1QTZfEVvQ2dJ-N-Z-d-Z-N-Y1H2DEB4lpiAzE_O_MDdj8_9o5w4LSzP9TaY-yA7I8CZBqKGnu1CgoFdtD6QNAGJreUMwicMTOXpKoywFgL0tAFSU0D4EqQg0W6x4AcbfmIfitQgEW6xgDDs7qx0iIAGVwIABFj_A2hya5IXAFwt4Uylk_TSVXrPtT1goRQL6m_yIO5CF5arAqpFgF1JixpRZDaASDPBFOtTViZyjM9JX-8RYNYebVSwDYRRCJ3hBg3_iuGRADpeVwyULkBL5jdQ6BwjSAFJgIa47wAl9StxnFYZKcrrjpBUQ6VY02lehFTakpnRVXhhzxNfUhOd1t93gCNJqjluEwHVtCQsbSNqLKlJSARW1MAAdf_ANL_2gAMAwAAARECEQAAEECMEODNAIFPPGBCHGFIONMGPPLLEBMIADMDPPPLNJOEIAAFAPLKBLLCACABLPOONPMPKIAFPLJKEOKNLIAFPDMOAGPIPJAJGCABLDKIPAAFPOMEHFHBPAAFPKKFABLPOCAFMPHLLDPHLDHDHPKKIONAMNPPPPJEPIHFGMNPPPPPPPPPPPPPPP_EABQRAQAAAAAAAAAAAAAAAAAAAHD_2gAIAQIRAT8QNP_EABQRAQAAAAAAAAAAAAAAAAAAAHD_2gAIAQERAT8QNP_EACoQAQACAgECBQQDAQEBAAAAAAERIQAxQVFhEHGBkaEgscHwMNHx4UBQ_9oACAEAAAE_EJOvhI8mSOnw1vJOpkjrJOvhJ1MkeTwk65J1MFAAlLAGIZvgL2F-ajFRhSGHZRPzgYObKPqk_JjvBC2ODu86yyPioSkKcROHkYTBkpPRpx1YKJnqHckPcxKiylilaFK5N3CVmDDMx24_EiSEgGVsjt05wTNqfHDFqlk1F4JTAZZIEQFnWMDEgGWSnBpk1xONhgkeWBDCLAilmVvEY2JsdKDsuIrWRgAsxQklmQjw6xg0dzlwHdYMDBkvawFC-gY5e56qk0yQ0x0cF4OQItJZIk9SYRPvcskAYDvtMC7QgVLDaR1IzR-cuQhMlSuqvh7XPgWF3TAJV9MTUsZAghDYHqzglEQaViE96O7Jh4mjCC6dQVG7njJTjHs4UCaAIEije115YbbcAlQUO7yfHkUyKyDn7XqwdElqqVxDpXSPPBeQ1KHAtoBo74pizUB3zSeUUcgMpPMMBwccnsJJOk0xBgmErhtATOgvfGIyGGdijI5QvIcGifFE1J0kHpDKl_UYRN4tgEs7l98EL4RrRAUIkwBtKtK88mf4LaXhCI1F0byDrLxGQy6SIVOt424KpaMhaYNbcBkmuiPJ4Row1KMMJA2vXYmBrEuqGGArmxcTJkzEnCAkOiU8D543ETJGzAophZ2ay3_-I0hhNJ88jyiBwkqUJgYmPbDkqfAdIZDs6IxSqGZhkyZXdxPOSoUzpHsuJjWGD0wAxTZfkvlgqBZiLQNhUltlrjNquahxcaPfDicG0FppZ0l5RXniCK7IMUSkjq7fAm5eB2C_Bgy-E5mWebBHLCK3kurGTM-Znesl1yfCPLI8_fGfOEHddMZESmV04hAnWqyI1QhiLSjss9emS4r7YgR5siSBPtNnLNGN8AWG4hTsK83s4EfWgwGCpipxnpnpnpk5OTk9sBeoUoeEdicJrH7ZWiuhdOpT2x0WNqE9HDC2wIT6YBwPDHpHDu-mQ1f5AMk-s4TEXA0hFXTG8V9wEvyEnzkP5vov_cBnJ-w_rP8AN_1n-b_rK3m7f6y38T-selXq97uP3G7oZER8h_WEn7vjE3JQI7nk57Q9cF9KxjsQBte2Vmi0WSYHpMO404yCUXQMO--JMbf7b1xDMNks-4ezkOU8g68g8wxUjdIIfbj-IYxwhN--o9kr1weiCI9pO4ifRpjxAaCD6x9hx1DRhJIiQQgsnN84bHDBoAlnTDRPh3xL0cx7F5NINfl7-chhnMce8XwucwaezSfwbYw3qJEgF-D6LkRM4VPhvGinUK9ucUUk-WW7SCOSrRyzynxJAKdAPWcNfU3dON7Tk0k1TeqT7YCcN8Ewj3E-cd_Sc_8Ahi5edzfAYJSnr9Jz9ETGT4SGDJ4xjGi5YKiXpgz9BV5AWI04FiE79a9k-k58YWDJsrC2Xa0U96cfryELxOxSEksTAAZIRTrbgKbNMZJA9i_7w3mSk-aH5ws8G7gIMLlzq0g5wFYzrKChYCjA9ZzVo1B5cIuJL-hJcHZBYrT9kx2_Qc-EESgFqusXRAsD773ZTih2iTBi4GrTpcZ67bSwUhKkTxSJdEs91DlhLN-WTJVnEkkUH9YLwChIXDK83khIgstJRcx15wEzlQBKugc4er48tBLXcjCQhBgIGaplLtW9UpBABTIAuQDs63GS8-EtBCAOb9b6ZISIjxMIkxPRQ_Ix39Bz4RAJSSSjJHKFRzGOLsHFSke0SKmmLqI1aEkVXVZCOnnjKzl4IBW2AepEVGUjjcZYF6DPJbYMD8oQUgopllAiV54_IWEZkSeksGh7pkutghNy0Xg9pBkY2ooZ2zC2wavEw_wgllI3qdnTFZnoRVhju1jiTyy5mMaEj3Ce3XG4SbBce2zo6xKWHiqiBfIUS8th3caImah_nCpZ_wCqMgd7qn7YOM92R_Bh1STi_DkcVTbBwKnUAkSMdjtEyXZkGdqh0FtnvhySisXeuRHId1Ll4HYQS4HWYS57ElAgipRTExoxHsKiOALCKmWVXeLUnIBRlDcVY9cPrgcYRHUBMju6y6cqwOiI0wjMzj10pUZerzhM5paRl6w320UYddaY66TFO1STPEZKPcBh03E8xHpkLEQJClIcJrxoQrOqD8xiqyv0GTlvVgYAXsCOsTF73zkUkQbGbYM60H78ZKWsTDS4ndRiuIQ9JskIxff7vbDhPKFYNxJe8Ojk8YDCGdP9XtlERSMTphhwwNl4QpK5MSxgCAOWsQG0u7AC8bSZNKUA94l2mOPGedTJ5ofjOfoOfCN3EV5kfMYiCH-UE-8ZLkbFkL2E_IZNbKMvhX3nwh6z2j_bNn2-T4RWf-8_nKn_ABhMuWIPuR-clCSfKQ-XDxhCQHstvv8ASc-EOsL5GcO5XuA98GT3TsyYXisWMwnU8ZK1qpICUp18AEoYZwScELqxGTJ6CnkeAE9aMgIOYXFTdMcQGCF5KwSLMLpki8o7SH2w8HeFKzC3x_w-k58IdZXYWI6yfKwo4IADIFag5KAxkIm6xiNaCVCmeIcTl_sdsVpz0UAJEHnk0NZRDTZ3z9Y_GRKBzlIa74kk2fprKQawBFdHQyaHqXzL8PE2kJb5Xm55vqX8_Sc-EcYoO0vJE-7lngg6QH5wOLmq80YqSBeeVD7xgkZSulPm38YSpN7tIZOJsvs5waDteRLr7U4prkPJfHqM-lA-Ux34grBiglw58YK7UfgCvvhYTGVQY0Y26w5licDUOx1wkc9M7JxnV3TESZA6XGM-O5vMqeOMqrEuVLW4URgI46ZwRmsBIuEXVJ0OhleR6hEeNGjCTe9uXfim5hYK9DH4mDDSPUgCe2GGfAIYMsFiIh6Zd6hYB7y6gxTh7YZxdAAyO5651w8qbwwYkKoIhj_GV8JDJEREvTP8rLRE4InncOJz_CZECsCGysyXfxnNQPCVV6-L-kKOehtNS-_jIUXYiwqGwdll1vEZfad6TaRF-_goUEss_wDrE98WCZxSXiw4a-k8KoREvTBmxk_lINhGmTKVNRMcdHjJfaSxtM7OwYjjGEzzCD0ZHble7zXRVCBBwE2m-vbAqUaOHJVMYGi8iUgjJFW0t3eoxImOtiWJSLiNEbx1l8IaukkuDV41YIWpV3KwEax-FRrjUXzHOffXm4HbeFQGyPMJpmryjTzB0Hy8sROQkf4OthCQpcNTylPa2dZHIBNJJtMREtJ4e2agxPbxWYHcofOsrWDAkLMENWHWErlIhFpKpeKISNxiRT4RIYiqWkl9nrhQYjapPMTebMX2oUioMvB09uLmWJpgzMp2KPRxj4CZNEbQTKEBO2Y5nQ8R-QdeVluREN4lFw9dsEzWM1ou0Rh5G83hrTp_A6w0uoKCUF4nqYjDMBQpSTnbvG95QQAwpUKRVpzcZAejm7RJOYj3DmrMk2wUFh5NWE9G_Uk1CaiG9RLV7moOSoQiR4Ro2T5ZMSS2oQNeYvrkzOc2bcz_AJiqwmAEC46ExqXI_TIIRVG4qjqiS3eLQKi2kQSxs_PMWxQVMmjaIjU3z0MogUAFEyXqqnruI5xCAj6kA1HWy8Itl-XYZNbx_V60V7f_AEv_2Q==
------WebKitFormBoundaryumAjUbPr6ymfh8hM
Any suggestions?
The default encoding is base64. You should form a request that matches your sniffed request, except for the following:
The WebKitFormBoundaryumAj... string should have a random string appended to ensure its uniqueness
The _9j_ line should be replaced with the base64-encoded contents of the image you are uploading.
The server will automatically detect the type of file (JPG, PNG, etc) so you shouldn't need to worry about that.
This is base64 encoded image. You can actually use it in many places, such as in CSS and in JavaScript. You can basically place it anywhere, where usual URI would be required. You can also encode many different things in such way (typefaces used in #font-face, for example).
In most modern computer languages there is built in functionality for base64 encoding – just google for one in C# if that's what you're using.
You can read more on the usage of data-URIs here: https://developer.mozilla.org/en-US/docs/data_URIs and perhaps here: http://css-tricks.com/data-uris/
I Have a website, and there a few textboxes. If the users fill in something that contains the letters "ë" then it becomes like:
ë
How can I store it ë like this in the database?
My website is built on .NET and Iam using the C# language.
Both ASP.Net (your server-side application) and SQL Server are Unicode-aware. They can handle different languages, and different character sets:
http://msdn.microsoft.com/en-us/library/39d1w2xf.aspx
Internally, the code behind ASP.NET Web pages handles all string data
as Unicode. You can set how the page encodes its response, which sets
the CharSet attribute on the Content-Type part of the HTTP header.
This enables browsers to determine the encoding without a meta tag or
having to deduce the correct encoding from the content. You can also
set how the page interprets information that is sent in a request.
Finally, you can set how ASP.NET interprets the content of the page
itself — in other words, the encoding of the physical .aspx file on
disk. If you set the file encoding, all ASP pages must use that
encoding. Notepad.exe can save files that are encoded in the current
system ANSI codepage, in UTF-8, or in UTF-16 (also called Unicode).
The ASP.NET runtime can distinguish between these three encodings. The
encoding of the physical ASP.NET file must match the encoding that is
specified in the file in the # Page encoding attributes.
This article is also helpful:
http://support.microsoft.com/kb/893663
This "Joel-on-Software" article is an absolute must-read
The Absolute Minimum Every Software Developer Absolutely Positively Must Know About Unicode (No Excuses!)
Please read all three articles, and let us know if that helps.
You need HtmlEncode and HtmlDecode functions.
SQL Server is fine with ë and any other local or 'unusual' characters but HTML is not. This is because some characters have special meanings in HTML. Best examples are < or > which are essential to HTML syntax but there is lots more. For some reason ë is also special. To be able to display characters like that they need to be encoded before transmission as HTML. Transmission means also sending to a browser.
So, although you see ë in a browser your app is handling it in an encoded version which is ë and it's always in this form including database. If you want ë to be saved in SQL Server as ë you need to decode it first. Remember to encode it back to ë before displaying on your page.
Use these functions to decode/encode all your texts before saving/displaying respectively. They will only convert special characters and leave alone everything else:
string encoded = HttpUtility.HtmlEncode("Noël")
string decoded = HttpUtility.HtmlDecode("Noël")
There is another important reason to operate on encoded texts - JavaScript injections. It is an attack on your site meant to disrupt it by placing JavaScript chunks into edit/memo boxes with a hope that they will get executed at one point on someone else's browser. If you encode all texts you get from UI, those JavaScripts will never run because they will be treated as texts rather than an executable code.
On the Microformats spec for RESTful URLs:
GET /people/1
return the first record in HTML format
GET /people/1.html
return the first record in HTML format
and /people returns a list of people
So is /people.html the correct way to return a list of people in HTML format?
If you just refer to the URL path extension, then, yes, that scheme is the recommended behavior for content negotiation:
path without extension is a generic URL (e.g. /people for any accepted format)
path with extension is a specific URL (e.g. /people.json as a content-type-specific URL for the JSON data format)
With such a scheme the server can use content negotiation when the generic URL is requested and respond with a specific representation when a specific URL is requested.
Documents that recommend this scheme are among others:
Cool URIs don't change
Cool URIs for the Semantic Web
Content Negotiation: why it is useful, and how to make it work
You have the right idea. Both /people and /people.html would return HTML-formatted lists of people, and /people.json would return a JSON-formatted list of people.
There should be no confusion about this with regard to applying data-type extensions to "folders" in the URLs. In the list of examples, /people/1 is itself used as a folder for various other queries.
It says that GET /people/1.json should return the first record in JSON format. - Which makes sense.
URIs and how you design them have nothing to do with being RESTful or not.
It is a common practice to do what you ask, since that's how the Apache web server works. Let's say you have foo.txt and foo.html and foo.pdf, and ask to GET /foo with no preference (i.e. no Accept: header). A 300 MULTIPLE CHOICES would be returned with a listing of the three files so the user could pick. Because browsers do such marvelous content negotiation, it's hard to link to an example, but here goes: An example shows what it looks like, except for that the reason you see the page in the first place is the different case of the file name ("XSLT" vs "xslt").
But this Apache behaviour is echoed in conventions and different tools, but really it isn't important. You could have people_html or people?format=html or people.html or sandwiches or 123qweazrfvbnhyrewsxc6yhn8uk as the URI which returns people in HTML format. The client doesn't know any of these URIs up front, it's supposed to learn that from other resources. A human could see the result of All People (HTML format) and understand what happens, while ignoring the strange looking URI.
On a closing note, the microformats URL conventions page is absolutely not a spec for RESTful URLs, it's merely guidance on making URIs that apparently are easy to consume by various HTTP libraries for some reason or another, and has nothing to do with REST at all. The guidelines are all perfectly OK, and following them makes your URIs look sane to other people that happen to glance on the URIs (/sandwiches is admittedly odd). But even the cited AtomPub protocol doesn't require entries to live "within" the collection...
I have uriscan installed on my Win2003 server and it is blocking an older ColdFusion script. The log entry has the following--
2008-09-19 00:16:57 66.82.162.13 1416208729 GET /Admin/Uploads/Mountain/Wolf%2520Creek%2520gazeebo.jpg Rejected URL+is+double+escaped URL - -
How do I get uriscan to allow submissions like this without turning off the double-escaped url feature?
To quote another post on the subject,
some aspect of your process for
submitting URIs is doing some bad
encoding.
http://www.usenet-forums.com/archive/index.php/t-39111.html
I recommend changing the name of the JPG to not have spaces in it as a good practice, then later try to figure out with a non-production page why you're not interpreting the %20 as an encoded space, but as a percent sign and two digits.
How do I get uriscan to allow
submissions like this without turning
off the double-escaped url feature?
How do you get it to allow double-escaped URLs without turning off the double-escaped url feature? I think there's something wrong with what you're trying to do. My question is this: does your HTML source literally show image requests with "%2520" in them? Is that the correct name for your file? If so, you really have only two options: rename the file or turn off the feature disallowing double escapes.