URL encoding of special characters

Some characters are utilized by URLs for special use in defining their syntax. When these characters are not used in their special role inside a URL, they must be encoded.

Character Code Points (Hexadecimal) Code Points (Decimal)
Dollar ("$") 24 36
Ampersand ("&") 26 38
Plus ("+") 2B 43
Comma (",") 2C 44
Forward slash/Virgule ("/") 2F 47
Colon (":") 3A 58
Semi-colon (";") 3B 59
Equals ("=") 3D 61
Question mark ("?") 3F 63
'At' symbol ("@") 40 64

Some characters present the possibility of being misunderstood within URLs for various reasons. These characters should also always be encoded.

Character Code Points (Hexadecimal) Code Points (Decimal) Details
Space 20 32 Significant sequences of spaces may be lost in some uses (especially multiple spaces)
Quotation Marks 22 34 These characters are often used to delimit URLs in plain text.
'Less Than' symbol ("<") 3C 60  
'Greater Than' symbol (">") 3E 62  
'Pound' Character ("#") 23 35 This is used in URLs to indicate where a fragment identifier (bookmarks/anchors in HTML) begins.
Percent Character ("%") 25 37 This is used in URLs to encode/escape other characters. It should also be encoded.
Miscellaneous Characters Some systems can possibly modify these characters.
Left Curly Brace ("{") 7B 123  
Right Curly Brace ("}") 7D 125  
Vertical Bar/Pipe ("|") 7C 124  
Backslash ("\") 5C 92  
Caret ("^") 5E 94  
Tilde ("~") 7E 126  
Left Square Bracket ("[") 5B 91  
Right Square Bracket ("]") 5D 93  
Grave Accent ("`") 60 96  

As N-able encourages users to utilize 'special characters' in passwords, the foreseeable problem arises when these values are passed as part of a URL string. There is currently no way to detect this situation after the fact. As a result, the username and password must be encoded before the request is sent to N-able N-central.

Before Encoding:


After Encoding:


There are several ways to accomplish the correct URL-encoding. The easiest method is to submit the information as part of a form:

<form action="https://serverName/deepLinkAction.do" method=get>  
 <INPUT TYPE="text" NAME="username" VALUE="peter@nable.com">
 <INPUT TYPE="text" NAME="password" VALUE="Hello%There">  
 <INPUT TYPE="text" NAME="method" VALUE="defaultDashboard">
 <INPUT TYPE="submit">  

Another method is to encode these values before you construct the URL string. Javascript, for example, uses 'escape' to do this.

URL = "https://serverName/deepLinkAction.do?userName=" + escape('peter@nable.com') + "&password=" + escape("Hello%There") + "&method=defaultDashboard";