為了保證在頁面傳遞數據的安全性,我們通常會對Url傳遞的參數進行編碼解碼操作。我們寫一個Demo剖析URL編碼解碼過程。
1. Url參數如何在服務端進行編碼和解碼。
1.1 Url參數編碼
思路:
- 對Url的參數進行Base64編碼
- 再進行Url編碼。
- 將多個參數封裝到鍵值對,調用工具類同一進行編碼。
代碼:
// 傳遞數據到詳細頁
Product p = new Product() { Id = 1, Name = "泡椒鳳爪", Price = 4.5m, Category = "零食" };
// 封裝到Dictionary中
Dictionary
dic = new Dictionary
() { {"Id",p.Id.ToString()}, {"Name",p.Name}, {"Price",p.Price.ToString()}, {"Category",p.Category} }; // 進行Base64編碼 返回數據 {"key":"value",...} string data = Helper.UrlCode.UrlEncode(dic); // 進行Url編碼 data = HttpUtility.UrlEncode(data, Encoding.UTF8); Response.Redirect("details.aspx?data=" + data);
工具類編碼方法:
public static string UrlEncode(Dictionary
dic)
{
string res = "{";
foreach (string key in dic.Keys)
{
byte[] buffer = Encoding.UTF8.GetBytes(dic[key]);
string value = Convert.ToBase64String(buffer, 0, buffer.Length);
res += key + ":" + value + ",";
}
res = res.Remove(res.Length - 1);
res += "}";
return res;
}
編碼后的地址:
http://localhost:50664/details.aspx?data={Id%3AMQ%3D%3D%2CName%3A5rOh5qSS5Yek54iq%2CPrice%3ANC41%2CCategory%3A6Zu26aOf}
1.2 Url參數解碼
解碼就更簡單了,只需要取到Request中的數據,調用工具類解碼。我們的數據就在返回的鍵值對中了。
代碼:
// 解碼Url參數
string data = Request["data"];
Dictionary
dicRes = Helper.UrlCode.UrlDecode(data);
Pro = new Product();
Pro.Id = int.Parse(dicRes["Id"]);
Pro.Price = decimal.Parse(dicRes["Price"]);
Pro.Name = dicRes["Name"];
Pro.Category = dicRes["Category"];
工具類解碼方法:
public static Dictionary
UrlDecode(string data)
{
Dictionary
dic = new Dictionary
(); Dictionary
dicRes = new Dictionary
(); data = data.Trim(new char[] { '{', '}' }); string[] arrRes = data.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries); //"key":"value" for (int i = 0; i < arrRes.Length; i++) { string[] keyvalueArr = arrRes[i].Split(new char[] { ':' }, StringSplitOptions.RemoveEmptyEntries); dic[keyvalueArr[0]] = keyvalueArr[1]; } foreach (var kvp in dic) { byte[] buffer = Convert.FromBase64String(kvp.Value); dicRes[kvp.Key] = Encoding.UTF8.GetString(buffer, 0, buffer.Length); } return dicRes; }
總結
我們依次對參數進行Base64編碼和ulr編碼。並且對多個參數進行統一的封裝。而在解碼時我們並沒有調用Url解碼是因為返回的數據已經進行了Url解碼了。
可能有人會問進行Base64編碼就可以滿足需求了,為什么還要多此一舉進行Url編碼呢?
主要基於以下幾個原因:
- url編碼后,Base64編碼中生成的’=‘ 等字符不容易引起混淆。
- Base64編碼有可能產生'+' 這個字符,ASP.NET幫我們接受參數時會默認把'+' 替換為空格,所以此時數據就不對了。Url編碼可以避免這種情況的發生。
- url編碼后參數更加隱秘。
2.在客戶端用js實現url參數編碼。
js實現和服務端一樣,只不過base64編碼需要我們自己實現。
代碼:
// url參數編碼
var b = new Base64();
// base64編碼
var data = "{Id:" + b.encode("1") + ",Name:" + b.encode('鳳爪') +",Price:" + b.encode('4.5')+",Category:" + b.encode('零食')+ "}";
data = encodeURIComponent(data); // URL編碼
location.href = '/details.aspx?data=' + data;
編碼后的地址:
http://localhost:50664/details.aspx?data={Id%3AMQ%3D%3D%2CName%3A5rOh5qSS5Yek54iq%2CPrice%3ANC41%2CCategory%3A6Zu26aOf}
Base64對象:
// Base64 加密和解密
function Base64() {
// private property
_keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
// public method for encoding
this.encode = function (input) {
input += ''; // 轉為string
var output = "";
var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
var i = 0;
input = _utf8_encode(input);
while (i < input.length) {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output +
_keyStr.charAt(enc1) + _keyStr.charAt(enc2) +
_keyStr.charAt(enc3) + _keyStr.charAt(enc4);
}
return output;
}
// public method for decoding
this.decode = function (input) {
var output = "";
var chr1, chr2, chr3;
var enc1, enc2, enc3, enc4;
var i = 0;
input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
while (i < input.length) {
enc1 = _keyStr.indexOf(input.charAt(i++));
enc2 = _keyStr.indexOf(input.charAt(i++));
enc3 = _keyStr.indexOf(input.charAt(i++));
enc4 = _keyStr.indexOf(input.charAt(i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;
output = output + String.fromCharCode(chr1);
if (enc3 != 64) {
output = output + String.fromCharCode(chr2);
}
if (enc4 != 64) {
output = output + String.fromCharCode(chr3);
}
}
output = _utf8_decode(output);
return output;
}
// private method for UTF-8 encoding
_utf8_encode = function (string) {
string = string.replace(/\r\n/g, "\n");
var utftext = "";
for (var n = 0; n < string.length; n++) {
var c = string.charCodeAt(n);
if (c < 128) {
utftext += String.fromCharCode(c);
} else if ((c > 127) && (c < 2048)) {
utftext += String.fromCharCode((c >> 6) | 192);
utftext += String.fromCharCode((c & 63) | 128);
} else {
utftext += String.fromCharCode((c >> 12) | 224);
utftext += String.fromCharCode(((c >> 6) & 63) | 128);
utftext += String.fromCharCode((c & 63) | 128);
}
}
return utftext;
}
// private method for UTF-8 decoding
_utf8_decode = function (utftext) {
var string = "";
var i = 0;
var c = c1 = c2 = 0;
while (i < utftext.length) {
c = utftext.charCodeAt(i);
if (c < 128) {
string += String.fromCharCode(c);
i++;
} else if ((c > 191) && (c < 224)) {
c2 = utftext.charCodeAt(i + 1);
string += String.fromCharCode(((c & 31) << 6) | (c2 & 63));
i += 2;
} else {
c2 = utftext.charCodeAt(i + 1);
c3 = utftext.charCodeAt(i + 2);
string += String.fromCharCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63));
i += 3;
}
}
return string;
}
}