Comparison between encodeURI and encodeURIComponent, encodeuri

Comparison between encodeURI and encodeURIComponent, encodeuri

Both the encodeURI and encodeURIComponet functions are used in javascript to encode the URI and convert the relevant parameters into data in the UTF-8 encoding format. When URI is redirected to a location, non-ASCII codes such as Chinese and Japanese in the parameter are all encoded and converted.

For example:

Var str1 = "http://www.baidu.com/s? Wd = China & rsv_spt = 1 & issp = 1 & rsv_bp = 0 & ie = UTF-8 & tn = baiduhome_pg & inputT = 2526 "; window. location. href = str1;

The uri above contains Chinese characters, which cannot be identified during browser parsing and cannot be directly redirected. Transcoding required!

 

1. encodeURI: This method does not encode ASCII letters and numbers or these ASCII punctuation marks :-_.! ~ *'(). ASCII punctuation marks with special meanings in URI, such :;/? : @ & =+ $, # Is Not transcoded.

In the preceding example, encodeURI is used for transcoding as follows:

Var str1 = encodeURI ("http://www.baidu.com/s? Wd = China & rsv_spt = 1 & issp = 1 & rsv_bp = 0 & ie = UTF-8 & tn = baiduhome_pg & inputT = 2526 "); window. location. href = str1;

The transcoded content is as follows:

http://www.baidu.com/s?wd=%E4%B8%AD%E5%9B%BD&rsv_spt=1&issp=1&rsv_bp=0&ie=utf-8&tn=baiduhome_pg&inputT=2526

　　　　　　

2. encodeURIComponet: This method does not encode ASCII letters and numbers or these ASCII punctuation marks :-_.! ~ *'(). Other characters (including :;/? : @ & =+ $, # The punctuation marks used to separate URI components) are transcoded.

In the preceding example, encodeURIComponet is used for transcoding as follows:

Var str1 = "http://www.baidu.com/s? Wd = "+ encodeURIComponent (" China ") +" & rsv_spt = 1 & issp = 1 & rsv_bp = 0 & ie = UTF-8 & tn = baiduhome_pg & inputT = 2526 "; window. location. href = str1;

The converted content is as follows:

http://www.baidu.com/s?wd=%E4%B8%AD%E5%9B%BD&rsv_spt=1&issp=1&rsv_bp=0&ie=utf-8&tn=baiduhome_pg&inputT=2526

If encodeURIComponet is used for overall transcoding. As the & and other characters are also converted, the browser cannot parse the jump and fail.

Var str1 = encodeURIComponent ("http://www.baidu.com/s? Wd = China & rsv_spt = 1 & issp = 1 & rsv_bp = 0 & ie = UTF-8 & tn = baiduhome_pg & inputT = 2526 "); window. location. href = str1;

http%3A%2F%2Fwww.baidu.com%2Fs%3Fwd%3D%E4%B8%AD%E5%9B%BD%26rsv_spt%3D1%26issp%3D1%26rsv_bp%3D0%26ie%3Dutf-8%26tn%3Dbaiduhome_pg%26inputT%3D2526

 

Conclusion: (1) The purpose of encodeURI isOverall Encoding(2) encodeURIComponent also converts some key uri characters (such as: &), so it is applicable to parameter passing.

Why should we use encodeURIComponent first?

Ensure Data Transmission Accuracy and prevent cross-site attacks caused by Url Injection
If you do not do this, if the mUserType value is maliciously modified to: 3 & id = 12 & name = 123 #
Your program will be injected, which may cause security problems.
If you call this method, the above mUserType will be encoded into another Unicode encoding format to avoid this attack.

Why does encodeURI/encodeURIComponent () need to be called twice for transcoding?

Instance
In this example, we use encodeURI () to encode the URI:
<Script type = "text/javascript">

Document. write (encodeURI ("www.w3school.com.cn") + "<br/> ")
Document. write (encodeURI ("www.w3school.com.cn/My first /"))
Document. write (encodeURI (",/? : @ & = + $ #"))

</Script>
Output:
Www.w3school.com.cn
Www.w3school.com.cn/My%20first/
,/? : @ & =+ $ #

I have not seen it twice.
Reference: www.w3school.com.cn/js/jsref_encodeuri.asp