禁用 URL 参数值中的等号编码

Disable URL Encoding of Equals sign in a Parameter Value

下面这段代码为 restful 网络服务调用创建了查询参数集合

NameValueCollection outgoingQueryString = HttpUtility.ParseQueryString(String.Empty);
outgoingQueryString.Add("SessionID", _sessionId);
outgoingQueryString.Add("LoanNumberID", loanId.ToString());
outgoingQueryString.Add("Nonce", _nonce);
outgoingQueryString.Add("OtherParams", "Enable_Filter_Show_on_Action_Report=0");

问题是最后一个参数值 Enable_Filter_Show_on_Action_Report=0 得到它的 '=' 编码为 %3d SessionID=319A561B6D&LoanNumberID=351591&Nonce=3262383361&OtherParams=Enable_Filter_Show_on_Action_Report%3d0

什么时候应该

SessionID=319A561B6D&LoanNumberID=351591&Nonce=3262383361&OtherParams=Enable_Filter_Show_on_Action_Report=0

事后没有进行重写,有没有办法防止这种情况发生?该服务没有 return 正确的结果集,因为它将 %3d 解释为需要过滤的内容。

我为解决此问题所做的工作如下。我只是不知道是否有办法首先防止这种情况。

string queryString = outgoingQueryString.ToString().Replace("%3d", "=");

我不知道有什么方法可以让 NameValueCollection 做你想做的事;您可能遇到了某种变通方法。

我确实看到您的解决方法实施中存在潜在问题:

[Fact]
public void ProblemWithOriginalSolution()
{
    NameValueCollection outgoingQueryString = HttpUtility.ParseQueryString(String.Empty);
    outgoingQueryString.Add("Param1", "Value1");
    outgoingQueryString.Add("Param2", "Value2=Something"); // this '=' needs to remain URL-encoded
    outgoingQueryString.Add("OtherParams", "Enable_Filter_Show_on_Action_Report=0");

    var queryString = outgoingQueryString.ToString().Replace("%3d", "=");

    Assert.Contains("Value2=Something", queryString); // Passes, but not what we want
    Assert.Contains("Value2%3dSomething", queryString); // Actually what we want, but fails
}

这可能不符合您的需求,但如果需要,我有两个建议。

第一种是只使用字符串连接。根据您的使用情况,这可能需要额外的逻辑来处理 OtherParams 是唯一查询字符串参数的情况(在这种情况下应省略 & 符号)。字符串连接也是一个坏主意 OtherParams 可能包含需要 URL 编码的字符。

[Fact]
public void Concatentation()
{
    NameValueCollection outgoingQueryString = HttpUtility.ParseQueryString(String.Empty);
    outgoingQueryString.Add("Param1", "Value1");

    var queryString = outgoingQueryString.ToString() + "&OtherParams=Enable_Filter_Show_on_Action_Report=0";

    Assert.Contains("&OtherParams=Enable_Filter_Show_on_Action_Report=0", queryString);
}

二是做双换人。这有点笨手笨脚,而且效率不是很高,但应该是可靠的。

[Fact]
public void DoubleSubstitution()
{
    // Make sure the placeholder doesn't have any characters that will get URL encoded!
    // Also make sure it's not something that could appear in your input.
    const string equalsPlaceholder = "__Equals__";

    NameValueCollection outgoingQueryString = HttpUtility.ParseQueryString(String.Empty);
    outgoingQueryString.Add("Param1", "Value1");

    // First, remove the equals signs from the OtherParams value
    outgoingQueryString.Add("OtherParams", "Enable_Filter_Show_on_Action_Report=0".Replace("=", equalsPlaceholder));

    // Then, build the query string, and substitute the equals signs back in
    var queryString = outgoingQueryString.ToString().Replace(equalsPlaceholder, "=");

    Assert.Contains("&OtherParams=Enable_Filter_Show_on_Action_Report=0", queryString);
}