Is it possible to have a URL key’s value contain a forward slash while using SES URL interceptor in Coldbox? The customer’s site has part numbers that often contain forward slashes (e.g. ‘D3ER-4G1600-HY/’).
This will work in a traditional URL using URLEncodedFormat(), but I cannot think of a way to have that also work with SES urls? Whether encoded or not, the SES interceptor seems break in this type of situation.
I can live with constructing these links manually rather than using buildLink() if I have to but wanted to make sure I wasn’t missing something obvious?
Thanks,
Andy
not that it matters, but wanted to note that using the newer ESAPI encode/decode functions don’t help with this…
Slashes in the path info are usually trouble. As you said, can get away with slashes in a query string if you simple URL encode them:
http://scribble.dev:8080/index.cfm/main/index/foo/bar?bum=ba%2Fz
However, putting them before the query string is harder because slashes as metacharacters there. You’ve also found you can’t simply encode them like so:
http://scribble.dev:8080/index.cfm/main/index/foo/bar/bum/ba%2Fz
Most every web server including servlet containers such as Tomcat will reject any URLs with %2F in them with a “400 bad request” to avoid security attacks. Even if they didn’t, the URL would be normalized down to
http://scribble.dev:8080/index.cfm/main/index/foo/bar/bum/ba/z
which would break ColdBox’s SES parsing which isn’t what you want either.
The only way I’ve ever gotten it to work is to double escape which means to escape the / into %2F, then escape THAT again into %252F. This is the equivalent of:
#URLEncodedFormat( URLEncodedFormat( ‘/’ ) )#
This gives you the following URL:
http://scribble.dev:8080/index.cfm/main/index/foo/bar/bum/ba%252Fz
That is enough to get your web server to accept it and. The web server will decode the URL once and leave you with a bum variable in your request collection with a value of ba%2Fz. Now it will be up to your code to perform the second decoding manually.
I usually just skip this entire mess and make a rule right off that slashes aren’t allowed in in URL slugs. The main reason for SES URLs IMO is for pretty readability, and that’s out the window as soon as you start double-encoding stuff. If necessary, create a lookup table that maps text (or better yet, an ID) to the URL slug which should follow your rules of what’s allowed. Note, the HTMLHelper already has a function called slugify:
#getPlugin( ‘HTMLHelper’ ).slugify( ‘ba/z’ )#
The onus is on you to ensure uniqueness since several input strings might produce the same output since most punctuation is simply stripped.
Thanks!
~Brad
ColdBox Platform Evangelist
Ortus Solutions, Corp
E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com
thanks Brad! I was going to regex the slash out and back in again (perhaps that’s what ‘slugify’ does? I’ll have to look into it…) For now I have them working using the normal query string… and this is for an intranet application so SES urls aren’t really important anyways, it’s just already setup that way.
Thanks for all the tips I’ll try them and see what works best.
Cheers!
Andy
Slugify doesn’t attempt to retain all of the original information in the URL in any fashion that allows the original string to be re-built. It just strips out invalid characters and replaces space with dash, etc. That’s why you would need to slugify the original string and keep it that way, or store both the original string plus the URL-safe version in a way that allowed you to cross reference them.
Look at how ContentBox works. We let you put whatever you want in the title of a post. Then we store exactly what you typed in the “title” column and then the sanitized version gets put in the “slug” column after we verify that it’s unique. Then, the slug is the only thing we ever use in the URL, and we use the slug to resolve to the actual contentID when it’s time to load the entry back.
Thanks!
~Brad
ColdBox Platform Evangelist
Ortus Solutions, Corp
E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com