XtScript Function: rawurlencode and rawurldecode
If we need to send information via a URL using the GET or POST method, it is recommended to encode it first so that it cannot harm our site or other visitors. XtScript has predefined functions that handle URL encoding and decoding: rawurlencode and rawurldecode.
XtScript rawurlencode is a function that processes a string and replaces every non-alphanumeric character, except -, _, ., and ~, with a % followed by its hex value. A space is encoded as %20. To encode spaces as + instead, see the urlencode function.
A string encoded with rawurlencode can be decoded using the XtScript rawurldecode function.
Basic syntax of the XtScript rawurlencode and rawurldecode functions:
<!--parser:xtscript-->
# Encode string for safe use in url
call rawurlencode $val=...
# Decode a url encoded string
call rawurldecode $val=...
<!--/parser:xtscript-->
Learn the XtScript rawurlencode and rawurldecode functions from examples
Encode a string using rawurlencode so it can be passed safely in a GET parameter
- Code:
<!--parser:xtscript-->
var $string = Information with <script>document.write('You are hacked')</script> and !@#^%&()
var $encoded = call rawurlencode $val=$string
print Bad practice: http://example.com/page?send=$string <br/><br/>
print Good practice: http://example.com/page?send=$encoded
<!--/parser:xtscript-->
- Result:
Good practice: http://example.com/page?send=Information%20with%20%3Cscript%3Edocument.write%28%27You%20are%20hacked%27%29%3C%2Fscript%3E%20and%20%21%40%23%5E%25%26%28%29
Decode a url encoded string using XtScript rawurldecode function.
- Code:
<!--parser:xtscript-->
var $string = This%20%22is%22%20%40%20the%20URL%20%5E%5E%5E%20encoded%20string%21!
var $decoded = call rawurldecode $val=$string
print Url encoded: $string <br/><br/>
print Decoded: $decoded
<!--/parser:xtscript-->
- Result:
Decoded: This "is" @ the URL ^^^ encoded string!!
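What the receiving side reads from the "bad practice" and "good practice" URLs of the first example, as an added Python example (not XtScript, and not code from the original page). It re-implements the encoding rule described above; the function names mirror the XtScript ones, `received_param` is a hypothetical helper, and leaving `+` untouched when decoding is an assumption of this sketch.

```python
from urllib.parse import parse_qs, urlsplit

# Left as-is per the rule above: alphanumerics plus - _ . ~
UNRESERVED = frozenset(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~"
)
HEX = frozenset(b"0123456789abcdefABCDEF")


def rawurlencode(value: str) -> str:
    """Percent-encode every UTF-8 byte outside UNRESERVED (space -> %20)."""
    return "".join(
        chr(b) if b in UNRESERVED else "%{:02X}".format(b)
        for b in value.encode("utf-8")
    )


def rawurldecode(value: str) -> str:
    """Turn %XX back into bytes; this sketch leaves '+' and malformed '%' alone."""
    raw, out, i = value.encode("utf-8"), bytearray(), 0
    while i < len(raw):
        pair = raw[i + 1:i + 3]
        if raw[i] == 0x25 and len(pair) == 2 and all(c in HEX for c in pair):
            out.append(int(pair, 16))
            i += 3
        else:
            out.append(raw[i])
            i += 1
    return out.decode("utf-8", errors="replace")


def received_param(url: str, name: str = "send") -> str:
    """Hypothetical helper: the value a server reads for `name` from `url`."""
    query = urlsplit(url).query  # everything after '#' is a fragment, not query
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


# The string and URLs from the page's first example.
STRING = "Information with <script>document.write('You are hacked')</script> and !@#^%&()"
BAD_URL = "http://example.com/page?send=" + STRING
GOOD_URL = "http://example.com/page?send=" + rawurlencode(STRING)

if __name__ == "__main__":
    print("good URL :", GOOD_URL)
    print("bad  read:", repr(received_param(BAD_URL)))   # cut off at '#'
    print("good read:", repr(received_param(GOOD_URL)))  # full string
    print("decoded  :", rawurldecode(GOOD_URL.split("=", 1)[1]))
```

In both cases the value the server reads still contains the literal `<script>` markup: percent-encoding keeps the URL intact, and the page that prints the value still has to escape it for HTML.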