Dear all,

I am working on an Angular v9 application.

I am not able to handle it when '%' is passed in the URL. Examples:
http://localhost:4200/%
http://localhost:4200/abc%xyz

I have used DefaultUrlSerializer to overcome the issue, but whenever '%' is found in the URL, control is not coming to the DefaultUrlSerializer class.

I badly need the solution for this.

Appreciate your early response on this.


Regards,
Ashok

What I have tried:

I tried with DefaultUrlSerializer but no luck
Updated 11-Mar-21 0:53am

1 solution

A raw % character is not valid in a URL. It needs to be encoded properly as %25:
Percent-encoding - Wikipedia
   
Comments
Attuluri_Ashok 11-Mar-21 7:20am
   
Thank you Richard for your quick response.

Seems this is a kind of security (vulnerability) check with a tool. Below is the sample URL.

http://localhost:4200/dxojdzmik2%c1%81lod1xp5bdz/js/main.js

When you hit the above URL, it explores the machine's internal source code paths.

Need to control showing internal paths or fix the issue.

Regards,
Ashok
Richard Deeming 11-Mar-21 7:25am
   
That's not a raw % character; that's two encoded characters: %c1 and %81. How they are interpreted will depend on the encoding used by your server.
Attuluri_Ashok 15-Mar-21 4:33am
   
Yes, but the problem is, when I have these (%c1 and %81) encoded characters in the URL, control is not coming to the application to call a function.

The main issue is with "%"; if control comes to the application, I will replace "%" with "%25" so that my application will not break.

I would appreciate it if you could guide me on this.
In which file do I need to write the function to invoke when the URL has "%" in it?

Regards,
Ashok
Richard Deeming 15-Mar-21 4:42am
   
As I said, it depends on the web server you're using.

If those characters allow you to read content from your server's file system, then it's a security vulnerability in the web server software, and you need to report it to the vendor.

If they simply return an error indicating that the URL was not found, it's because that URL isn't mapped to your application. Unless you actually want to map that URL to your application, a 404 "not found" response is the correct response.

You cannot use code on the server to change the URL that was requested by the client. You can redirect them to a different URL, but you cannot alter what they have already sent.
Attuluri_Ashok 16-Mar-21 2:00am
   
Thanks Richard.

Let me check.

Regards,
Ashok
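
The distinction drawn in the comments above (a raw % versus well-formed escapes such as %c1%81 whose bytes are not valid UTF-8), as an added JavaScript example that is not part of the original thread. classifyPath and SAMPLES are hypothetical names, the last sample path is constructed, and reading the bytes as UTF-8 is an assumption, since the server's encoding decides how they are interpreted.

```javascript
// Added example: classify the percent-escapes in a request path.
// classifyPath and SAMPLES are hypothetical names. The first three paths are
// the ones quoted in this thread; the last one is constructed.
const SAMPLES = [
  '/%',
  '/abc%xyz',
  '/dxojdzmik2%c1%81lod1xp5bdz/js/main.js',
  '/discount-100%25', // constructed: a literal "%" correctly encoded as %25
];

function classifyPath(rawPath) {
  // A "%" must be followed by exactly two hex digits (RFC 3986 pct-encoded).
  const stray = /%(?![0-9A-Fa-f]{2})/.exec(rawPath);
  if (stray) {
    return { verdict: 'malformed-escape', index: stray.index };
  }
  // Well-formed escapes are just bytes. decodeURIComponent reads them as
  // UTF-8 (assumption: the consumer expects UTF-8) and throws URIError when
  // the byte sequence is not valid UTF-8. The byte 0xC1 never occurs in
  // valid UTF-8, so "%c1%81" is rejected here.
  try {
    // Decode per segment so an encoded "/" cannot change the path structure.
    const segments = rawPath.split('/').map((s) => decodeURIComponent(s));
    return { verdict: 'ok', segments };
  } catch (err) {
    if (!(err instanceof URIError)) throw err;
    const bytes = rawPath
      .match(/%[0-9A-Fa-f]{2}/g)
      .map((e) => e.slice(1).toLowerCase());
    return { verdict: 'invalid-utf8', bytes };
  }
}

for (const p of SAMPLES) {
  console.log(p, JSON.stringify(classifyPath(p)));
}
```

The first two paths fail as malformed escapes and the third as invalid UTF-8, which is why a client-side router that relies on the standard decoder never gets a usable URL to work with.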

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


