CODEWITHSUNDEEP
c#asp.net-mvcurl
GrandMasterFlush
GrandMasterFlush

Reputation: 6409

URL in string being corrupted with apostrophe

I've been working on a web site that has to send an email out with a URL in it, however, the URL is being printed with a superfluous ';' in it. For example:

In order for us to continue with your request, please click here to confirm your email address or paste the following link in to your browser: http://localhost/Account/ConfirmEmail?userId=605fa142&code;=7fBi8oRavW6C

The second instance of the URL above should not have a ';' after the 'code' parameter. You'll notice that the URL in the <a href>here</a> does not have the extra apostrophe. I've tried this with IE and Chrome and get the same result. I suspect that the browser is putting the apostrophe in but I don't know why.

The email text is pulled from a resource file:

<p>Dear {0}<p></BR><p>Thank you for signing up to access the Extranet with the email address {1}.</p><p>In order for us to continue with your request, please click <a href="{2}">here</a> to confirm your email address or paste the following link in to your browser:</BR><a href="{2}">{2}</a>

and is populated with the details using string.format() :

string.Format(ConfirmEmailBody, firstName, email, callbackUrl)

I've been struggling with this for the last couple of hours, the only thing I can think of is that the sequence &code= carries some sort of significance. Has anyone else seen this before?

EDIT 1

The callbackUrl is generated with this code:

var callbackUrl = Url.Action("ConfirmEmail", "Account",
               new { userId = userID, code = code }, protocol: Request.Url.Scheme);

I've put a breakpoint in VS after the creation of callbackUrl and the url being generated doesn't contain an apostrophe.

EDIT 2

It seems that 'code' doesn't have any significance. I changed the URL parameters and the browsers print the string with superfluous apostrophes for each parameter :

localhost/Account/ConfirmEmail?userId=80216107-1d0e-432c-88cc-69f18be2111e&foo;=wibble&bar;=wobble

Upvotes: 2

Views: 833

Answers (2)

GrandMasterFlush
GrandMasterFlush

Reputation: 6409

Following on from C.Evenhuis answer, I changed the string.format from :

string.Format(ConfirmEmailBody, FirstName, Email, callbackUrl)

to:

string.Format(ConfirmEmailBody, FirstName, Email, callbackUrl, callbackUrl.Replace("&","&amp;"))

The first instance of callbackUrl is used in the <a href> tags whilst the second instance is used for dumping on screen. It can now be cut and pasted into a browser and works fine. This doesn't answer my question as to why the web browsers are doing this, but at least it gets it working.

Upvotes: 0

C.Evenhuis
C.Evenhuis

Reputation: 26446

Something seems to be trying to interpret &code as a html escape sequence, and adds the semicolon to complete the sequence.

You'll have to escape the string before adding it to the raw html, changing & to &amp;.

Upvotes: 2

Related Questions