javascript - URL encode sees “&” (ampersand) as “&” HTML entity

ID : 10230

viewed : 42

Tags : javascripturlencodejavascript

Top 5 Answer for javascript - URL encode sees “&” (ampersand) as “&” HTML entity

vote vote


Without seeing your code, it's hard to answer other than a stab in the dark. I would guess that the string you're passing to encodeURIComponent(), which is the correct method to use, is coming from the result of accessing the innerHTML property. The solution is to get the innerText/textContent property value instead:

var str,      el = document.getElementById("myUrl");  if ("textContent" in el)     str = encodeURIComponent(el.textContent); else     str = encodeURIComponent(el.innerText); 

If that isn't the case, you can use the replace() method to replace the HTML entity:

encodeURIComponent(str.replace(/&/g, "&")); 
vote vote


If you did literally this:


Then the result is %26, you can test it here. Make sure the string you are encoding is just & and not & to begin with...otherwise it is encoding correctly, which is likely the case. If you need a different result for some reason, you can do a .replace(/&/g,'&') before the encoding.

vote vote


There is HTML and URI encodings. & is & encoded in HTML while %26 is & in URI encoding.

So before URI encoding your string you might want to HTML decode and then URI encode it :)

var div = document.createElement('div'); div.innerHTML = '&AndOtherHTMLEncodedStuff'; var htmlDecoded = div.firstChild.nodeValue; var urlEncoded = encodeURIComponent(htmlDecoded); 

result %26AndOtherHTMLEncodedStuff

Hope this saves you some time

vote vote


vote vote


To complement the accepted answer, for much better security, you could add your server certificate or your own root CA certificate to keychain(, however doing this alone won't make NSURLConnection authenticate your self-signed server automatically. You still need to add the below code to your NSURLConnection delegate, it's copied from Apple sample code AdvancedURLConnections, and you need to add two files(Credentials.h, Credentials.m) from apple sample code to your projects.

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace { return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]; }  - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { //        if ([trustedHosts])      OSStatus                err;     NSURLProtectionSpace *  protectionSpace;     SecTrustRef             trust;     SecTrustResultType      trustResult;     BOOL                    trusted;      protectionSpace = [challenge protectionSpace];     assert(protectionSpace != nil);      trust = [protectionSpace serverTrust];     assert(trust != NULL);     err = SecTrustEvaluate(trust, &trustResult);     trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified));      // If that fails, apply our certificates as anchors and see if that helps.     //     // It's perfectly acceptable to apply all of our certificates to the SecTrust     // object, and let the SecTrust object sort out the mess.  Of course, this assumes     // that the user trusts all certificates equally in all situations, which is implicit     // in our user interface; you could provide a more sophisticated user interface     // to allow the user to trust certain certificates for certain sites and so on).      if ( ! trusted ) {         err = SecTrustSetAnchorCertificates(trust, (CFArrayRef) [Credentials sharedCredentials].certificates);         if (err == noErr) {             err = SecTrustEvaluate(trust, &trustResult);         }         trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified));     }     if(trusted)         [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; }  [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge]; } 

Top 3 video Explaining javascript - URL encode sees “&” (ampersand) as “&” HTML entity