How do I encode "&" in a URL in an HTML attribute value?

Question

I'd like to make a URL click able in the email app. The problem is that a parameterized URL breaks this because of "&" in the URL. The body variable below is the problem line. Both versions of "body" are incorrect. Once the email app opens, text stops at "...link:". What is needed to encode the ampersand?

NSString *subject = @"This is a test";
NSString *encodedSubject = 
[subject stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]; 

//NSString *body = @"This is a link: <a href='http://somewhere.com/two.woa/wa?id=000&param=0'>click me</a>"; //original
NSString *body = @"This is a link: <a href='http://somewhere.com/two.woa/wa?id=000&#38;param=0'>click me</a>"; //have also tried &amp;
NSString *encodedBody = 
[body stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]; 
NSString *formattedURL = [NSString stringWithFormat: @"mailto:myname@somedomain.com?subject=%@&body=%@", encodedSubject, encodedBody];
NSURL *url = [[NSURL alloc] initWithString:formattedURL];
[[UIApplication sharedApplication] openURL:url];

Answer 1

Example of use of %26 instead of & without this attributes arrived in PHP as an array!

    var urlb='/tools/lister.php?type=101%26ID='+ID; // %26 instead of &
    window.location.href=urlb;

Answer 2

you can simply use CFURLCreateStringByAddingPercentEscapes with CFBridgingRelease for ARC support

NSString *subject = @"This is a test";
// Encode all the reserved characters, per RFC 3986
// (<http://www.ietf.org/rfc/rfc3986.txt>)
NSString *encodedSubject =
(NSString *) CFBridgingRelease(CFURLCreateStringByAddingPercentEscapes(kCFAllocatorDefault,
                                            (CFStringRef)subject,
                                            NULL,
                                            (CFStringRef)@"!*'();:@&=+$,/?%#[]",
                                            kCFStringEncodingUTF8));

Answer 3

<a href='http://somewhere.com/two.woa/wa?id=000&#38;param=0'>click me</a>

Is correct, although ‘&’ is more commonly used than ‘&’ or ‘,’.

If the ‘stringByAddingPercentEscapesUsingEncoding’ method does what it says on the tin, it should work(*), but the NSString documentation looks a bit unclear on which characters exactly are escaped. Check what you are ending up with, the URL should be something like:

mailto:bob@example.com?subject=test&body=Link%3A%3Ca%20href%3D%22http%3A//example.com/script%3Fp1%3Da%26amp%3Bp2%3Db%22%3Elink%3C/a%3E

(*: modulo the usual disclaimer that mailto: link parameters like ‘subject’ and ‘body’ are non-standard, will fail in many situations, and should generally be avoided.)

Once the email app opens, text stops at "...link:".

If ‘stringByAddingPercentEscapesUsingEncoding’ is not escaping ‘<’ to ‘%3C’, that could be the problem. Otherwise, it might not be anything to do with escapes, but a deliberate mailer-level restriction to disallow ‘<’. As previously mentioned, ?body=... is not a reliable feature.

In any case, you shouldn't expect the mailer to recognise the HTML and try to send an HTML mail; very few will do that.

Answer 4

You use stringByAddingPercentEscapesUsingEncoding, exactly like you are doing.

The problem is that you aren't using it enough. The format into which you're inserting the encoded body also has an ampersand, which you have not encoded. Tack the unencoded string onto it instead, and encode them (using stringByAddingPercentEscapesUsingEncoding) together.

Answer 5

the ampersand would be %26 for HEX in URL Encoding standards

Answer 6

I've been using -[NSString gtm_stringByEscapingForURLArgument], which is provided in Google Toolbox for Mac, specifically in GTMNSString+URLArguments.h and GTMNSString+URLArguments.m.

Answer 7

You can use a hex representation of the character, in this case %26.