User input not URL-encoded in the "Ask a question" input Answered

On this page:
https://www.instructables.com/tag/type-question/?sort=RECENT

There's the "enter your question" input box.  The user input is added to the GET vars as "questionText", and the spaces are encoded as %20, but the ampersands and question marks are not.  This results in the question being split up & ignored, and the remainder is interpreted as another querystring var.  So typing in "What is this & that?" becomes "questionText=What%20is%20this%20&%20that?".  The ampersands & question marks (and all other non-URL-safe characters) should be encoded.

Thanks!
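
The behaviour reported above, reproduced next to two ways of encoding the value correctly. This is an added example, not part of the original post and not Instructables' code; the function names, the `sort=RECENT&questionText=` parameter order and the space-only escaping in `buildQueryUnencoded` are assumptions made to match the description.

```javascript
// Page URL taken from the post; everything else here is constructed.
const PAGE = "https://www.instructables.com/tag/type-question/";

// Hypothetical stand-in for the reported behaviour: only spaces are escaped,
// so "&" in the question still acts as a parameter separator.
function buildQueryUnencoded(question) {
  return "sort=RECENT&questionText=" + question.replace(/ /g, "%20");
}

// Fix 1: percent-encode the whole value, so &, ?, =, # and + travel as data.
function buildQueryEncoded(question) {
  return "sort=RECENT&questionText=" + encodeURIComponent(question);
}

// Fix 2: let the URL API serialize the parameters (form encoding, space -> "+").
function buildUrl(question) {
  const url = new URL(PAGE);
  url.searchParams.set("sort", "RECENT");
  url.searchParams.set("questionText", question);
  return url.toString();
}

// What a standards-following receiver gets back out of a query string.
function parseQuery(query) {
  const out = {};
  for (const [name, value] of new URLSearchParams(query)) out[name] = value;
  return out;
}

const question = "What is this & that?"; // sample input from the post
console.log(buildQueryUnencoded(question));
console.log(parseQuery(buildQueryUnencoded(question)));
console.log(buildQueryEncoded(question));
console.log(parseQuery(buildQueryEncoded(question)));
console.log(buildUrl(question));
```

With the unencoded form, the receiver sees `questionText` cut off at the ampersand plus a stray parameter named ` that?`; with either fix, the full question round-trips intact.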