Search code examples
htmlurlhrefurl-encoding

How to Prevent Browser Control from URLDecoding an Embedded URL Link

Please forgive my lack of knowledge surrounding HTML

I am trying to generate a static HTML page which is rendered in an embedded HTML Browser component in a 3rd party application.

In the HTML Body I have a URL Link embedded within the page.

<a href="https://mydomain.com.au/Web/Default.ashx?encrypt=x%2BNWTAVMqprD%2BZyFtf1tfBVfIfhqKJ3JCjMmiXiSJSUl6n4FzCuW8mwQfpNskdQEvqU7QiWMdR%2Bbu9y6%2BiO8eh41XwGJX9l5iCYZunTamhGdkkiR9CqVCrkStu%2BzAlhqcJYG6M0zztcActpm6iSn99gXDlw8z%2BHs8Q88N9fZyXdYpxspgl%2BAoGZe7hR3zOulJb1YhabyBbf%2BkfI0dq1YQpHn3SWig8HuWvBANXPrPHDqAOsnT1DtJQ%3D%3D" class="Action">Access Application</a>

Note that the above URL is "URLEncoded". Specifically, the query string after "encrypt=" is encrypted, and then URLEncoded.

Problem

The HTML browser component embedded in the 3rd party application renders the HTML and all appears fine, EXCEPT that it Decodes the URL String.

This results in a hyperlink with the following URI;

https://mydomain.com.au/Web/Default.ashx?encrypt=x+NWTAVMqprD+ZyFtf1tfBVfIfhqKJ3JCjMmiXiSJSUl6n4FzCuW8mwQfpNskdQEvqU7QiWMdR+bu9y6+iO8eh41XwGJX9l5iCYZunTamhGdkkiR9CqVCrkStu+zAlhqcJYG6M0zztcActpm6iSn99gXDlw8z+Hs8Q88N9fZyXdYpxspgl+AoGZe7hR3zOulJb1YhabyBbf+kfI0dq1YQpHn3SWig8HuWvBANXPrPHDqAOsnT1DtJQ==

Note the now existance of characters such as "+" and "=" which causes the failure to load the application which is the target of the URL.

Is there any way to prevent a browser (browser control?) from decoding this URL string and maintaining its integrity?

I am thinking off the top of my head, and I don't really understand the purpose of this suggestion but will defining a "type" attribute on the Link such as 

<a type="application/x-www-form-urlencoded" href="xxx.com/ddddd" class="Action">Access Application</a>

have any effect?

How else can I prevent the browser control from decoding this URL?

Meta Tags in the < head > ???

Thanks in Advance!

Kind Regards

Aaron

Solution

  • We had to escape the % symbol.

    For example: changing %2B in the link to %252B (%25 being the escape code for a % symbol). Likewise changing %3D to %253D had the same effect and prevent the client application rendering %3D to a = sign.

    We couldn't stop the client application from 'decoding' the URL entirely but at least now it decoded to the correct URL value