Reputation: 5368
I am semi-new to ASP.NET MVC. I am building an app that is used internally for my company.
The scenario is this: There are two Html.Listbox's. One has all database information, and the other is initially empty. The user would add items from the database listbox to the empty listbox.
Every time the user adds a command, I call a js function that calls an ActionResult "AddCommand" in my EditController. In the controller, the selected items that are added are saved to another database table.
Here is the code (this gets called every time an item is added):
function Add(listbox) { ...
//skipping initializing code for brevity
var url = "/Edit/AddCommand/" + cmd;
$.post(url);
}
So the problem occurs when the 'cmd' is an item that has a '/', ':', '%', '?', etc. (some kind of special character).
So what I'm wondering is, what's the best way to escape these characters? Right now I'm checking the database's listbox item's text, and rebuilding the string, then in the Controller, I'm taking that built string and turning it back into its original state.
So for example, if the item they are adding is 'Cats/Dogs', I am posting 'Cats[SLASH]Dogs' to the controller, and in the controller changing it back to 'Cats/Dogs'.
Obviously this is a horrible hack, so I must be missing something. Any help would be greatly appreciated.
Upvotes: 3
Views: 2931
Reputation: 126587
Why not just take this out of the URI? You're doing a POST, so put it in the form.
If your action is:
public ActionResult AddCommand(string cmd) { // ...
...then you can do:
var url = "/Edit/AddCommand";
var data = { cmd: cmd };
$.post(url, data);
... and everything will "just work" with no separate encoding step.
Upvotes: 4
Reputation: 8778
You could pass the details as a query string. At the moment I'm guessing your action looks like:
public virtual ActionResult AddCommand( string id )
you could change it to:
public virtual ActionResult AddCommand( string cmd )
and then in your JavaScript call:
var url = "/Edit/AddCommand?cmd=" + cmd;
That way you don't need to worry about the encoding.
A better way would be if you could pass the database item's id rather than a string. This would probably be better performance for your db as well.
Upvotes: 0
Reputation: 33867
Have you tried just wrapping your cmd variable in a call to escape()?
Upvotes: 0
Reputation: 4702
Have you tried using the 'escape' function, before sending the data? This way, all special characters are encoded in safe characters. On the server-side, you can decode the value.
function Add(listbox) { ...
//skipping initializing code for brevity
var url = "/Edit/AddCommand/" + escape(cmd);
$.post(url);
}
Upvotes: 3
Reputation: 9216
Use JavaScript escaping; it does URL encoding.
Then in C# you can simply decode it.
It will look like this:
function Add(listbox) { ...
//skipping initializing code for brevity
var url = "/Edit/AddCommand/" + escape(cmd);
$.post(url);
}
Upvotes: 0
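Added example, not part of any post above: a side-by-side check of what survives when the value is concatenated into the path raw, passed through escape(), passed through encodeURIComponent(), or sent as form data as the first answer suggests. The sample strings, the function names and the simplified router model are assumptions made for illustration.

```javascript
// Constructed sample values using characters like those in the question.
const SAMPLES = ["Cats/Dogs", "50% off?", "C# & C++", "Cr\u00e8me"];

// Build the URL the way the question does, with a chosen encoder.
function pathUrl(cmd, encode) {
  return "/Edit/AddCommand/" + encode(cmd);
}

// Simplified model (an assumption, not ASP.NET's actual routing code) of the
// value a router sees after /Edit/AddCommand/: drop fragment and query,
// require exactly one remaining segment, then percent-decode it as UTF-8.
// Returns null when the value did not survive.
function routeSegment(url) {
  const path = url.split("#")[0].split("?")[0];
  const rest = path.slice("/Edit/AddCommand/".length);
  if (rest === "" || rest.includes("/")) return null; // missing or extra segment
  try {
    return decodeURIComponent(rest);
  } catch (e) {
    return null; // malformed escape, e.g. a bare "%" or a Latin-1 "%E8"
  }
}

// Form-data route: serialize as application/x-www-form-urlencoded (what
// $.post(url, { cmd: cmd }) sends) and parse it back as a server would.
function formRoundTrip(cmd) {
  const body = new URLSearchParams({ cmd }).toString();
  return { body, parsed: new URLSearchParams(body).get("cmd") };
}

// For each sample, record whether the server-side value equals the original.
function report() {
  return SAMPLES.map((cmd) => ({
    cmd,
    raw: routeSegment(pathUrl(cmd, (s) => s)) === cmd,
    escape: routeSegment(pathUrl(cmd, escape)) === cmd,
    encodeURIComponent: routeSegment(pathUrl(cmd, encodeURIComponent)) === cmd,
    form: formRoundTrip(cmd).parsed === cmd,
  }));
}

console.table(report());
```

The router model is deliberately lenient: some servers decode or reject an encoded slash (%2F) in the path before routing, so a value that passes here in the encodeURIComponent column can still fail in a path segment, while the form-data column does not depend on path handling.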