URL encoding of special characters
Some characters are utilized by URLs for special use in defining their syntax. When these characters are not used in their special role inside a URL, they must be encoded.
| Character | Code Points (Hexadecimal) | Code Points (Decimal) |
|---|---|---|
| Dollar ("$") | 24 | 36 |
| Ampersand ("&") | 26 | 38 |
| Plus ("+") | 2B | 43 |
| Comma (",") | 2C | 44 |
| Forward slash/Virgule ("/") | 2F | 47 |
| Colon (":") | 3A | 58 |
| Semi-colon (";") | 3B | 59 |
| Equals ("=") | 3D | 61 |
| Question mark ("?") | 3F | 63 |
| 'At' symbol ("@") | 40 | 64 |
Some characters present the possibility of being misunderstood within URLs for various reasons. These characters should also always be encoded.
| Character | Code Points (Hexadecimal) | Code Points (Decimal) | Details |
|---|---|---|---|
| Space | 20 | 32 | Significant sequences of spaces may be lost in some uses (especially multiple spaces) |
| Quotation Marks | 22 | 34 | These characters are often used to delimit URLs in plain text. |
| 'Less Than' symbol ("<") | 3C | 60 | |
| 'Greater Than' symbol (">") | 3E | 62 | |
| 'Pound' Character ("#") | 23 | 35 | This is used in URLs to indicate where a fragment identifier (bookmarks/anchors in HTML) begins. |
| Percent Character ("%") | 25 | 37 | This is used in URLs to encode/escape other characters. It should also be encoded. |
| Miscellaneous Characters | Some systems can possibly modify these characters. | ||
| Left Curly Brace ("{") | 7B | 123 | |
| Right Curly Brace ("}") | 7D | 125 | |
| Vertical Bar/Pipe ("|") | 7C | 124 | |
| Backslash ("\") | 5C | 92 | |
| Caret ("^") | 5E | 94 | |
| Tilde ("~") | 7E | 126 | |
| Left Square Bracket ("[") | 5B | 91 | |
| Right Square Bracket ("]") | 5D | 93 | |
| Grave Accent ("`") | 60 | 96 | |
As N-able encourages users to utilize 'special characters' in passwords, the foreseeable problem arises when these values are passed as part of a URL string. There is currently no way to detect this situation after the fact. As a result, the username and password must be encoded before the request is sent to N-able N-central.
Before Encoding:
https://serverName/deepLinkAction.do?userName=peter@nable.com&password=Hello%There&method=defaultDashboard
After Encoding:
https://serverName/deepLinkAction.do?userName=peter%40nable%2Ecom&password=Hello%25There&method=defaultDashboard
There are several ways to accomplish the correct URL-encoding. The easiest method is to submit the information as part of a form:
<form action="https://serverName/deepLinkAction.do" method=get> <INPUT TYPE="text" NAME="username" VALUE="peter@nable.com"> <INPUT TYPE="text" NAME="password" VALUE="Hello%There"> <INPUT TYPE="text" NAME="method" VALUE="defaultDashboard"> <INPUT TYPE="submit"> </form>
Another method is to encode these values before you construct the URL string. Javascript, for example, uses 'escape' to do this.
URL = "https://serverName/deepLinkAction.do?userName=" + escape('peter@nable.com') + "&password=" + escape("Hello%There") + "&method=defaultDashboard";