Tuesday, 4 May 2010

UrlEncodedFormat: Encoding space characters - plus (+) vs %20

I came across an issue with UrlEncodedFormat() today - signatures calculated by a CF9-based system always appeared to be invalid, and it seems ColdFusion is ignoring the standards when it comes to encoding of form posts (application/x-www-form-urlencoded).

The document describing the standard on W3 clearly states:


This is the default content type. Forms submitted with this content type must be encoded as follows:

  1. Control names and values are escaped. Space characters are replaced by `+', and then reserved characters are escaped as described in [RFC1738], section 2.2: Non-alphanumeric characters are replaced by `%HH', a percent sign and two hexadecimal digits representing the ASCII code of the character. Line breaks are represented as "CR LF" pairs (i.e., `%0D%0A').
  2. The control names/values are listed in the order they appear in the document. The name is separated from the value by `=' and name/value pairs are separated from each other by `&'.

When you perform a UrlEncodedFormat( ' ' ) on CF, it will return %20; the same call on Railo will return "+" as described in the article above.

I solved the issue by simply replacing %20 with +.
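The mismatch described above, modelled in Python as an added example (not code from the original post): two encoders that differ only in how they write a space produce different signatures over the same form data. The key, the sample parameters and the use of HMAC-SHA256 are assumptions, since the post does not say how the signatures were computed; `quote` and `quote_plus` stand in for the two space behaviours only.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, quote_plus

KEY = b"constructed-demo-key"  # constructed key, for illustration only
SAMPLE = [("item name", "blue widget"), ("note", "1+1=2 & 100%20")]  # constructed

def encode_pct20(pairs):
    """Space -> %20, the CF behaviour the post describes (modelled with quote)."""
    return "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in pairs)

def encode_plus(pairs):
    """Space -> '+', as the quoted form-encoding rules require."""
    return "&".join(f"{quote_plus(k)}={quote_plus(v)}" for k, v in pairs)

def replace_fix(encoded):
    """The post's fix. Safe because a literal '+' is already %2B and a
    literal '%20' in the data is already %2520 after encoding."""
    return encoded.replace("%20", "+")

def sign(body):
    """HMAC-SHA256 over the exact encoded bytes (assumed signature scheme)."""
    return hmac.new(KEY, body.encode("ascii"), hashlib.sha256).hexdigest()

def canonical_sign(body):
    """Decode, then re-encode in one fixed form before signing, so the
    signature no longer depends on which encoder produced the body."""
    pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    return sign(encode_plus(pairs))

def verify(body, signature):
    """Constant-time comparison against the canonical signature."""
    return hmac.compare_digest(canonical_sign(body), signature)

if __name__ == "__main__":
    a, b = encode_pct20(SAMPLE), encode_plus(SAMPLE)
    print(a)
    print(b)
    print("raw signatures match:      ", sign(a) == sign(b))
    print("after replace fix:         ", sign(replace_fix(a)) == sign(b))
    print("canonical signatures match:", verify(a, canonical_sign(b)))
```

Signing a canonical re-encoding on both sides removes the dependency on either platform's encoder, which the string replacement only patches on one side.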


