URL encode sees “&” (ampersand) as “&” HTML entity

javascript urlencode

411,016

Solution 1

Without seeing your code, it's hard to answer other than a stab in the dark. I would guess that the string you're passing to encodeURIComponent(), which is the correct method to use, is coming from the result of accessing the innerHTML property. The solution is to get the innerText/textContent property value instead:

var str, 
    el = document.getElementById("myUrl");
if ("textContent" in el)
    str = encodeURIComponent(el.textContent);
else
    str = encodeURIComponent(el.innerText);

If that isn't the case, you can use the replace() method to replace the HTML entity:

encodeURIComponent(str.replace(/&/g, "&"));

Solution 2

If you did literally this:

encodeURIComponent('&')

Then the result is %26, you can test it here. Make sure the string you are encoding is just & and not & to begin with...otherwise it is encoding correctly, which is likely the case. If you need a different result for some reason, you can do a .replace(/&/g,'&') before the encoding.

Solution 3

There is HTML and URI encodings. & is & encoded in HTML while %26 is & in URI encoding.

So before URI encoding your string you might want to HTML decode and then URI encode it :)

var div = document.createElement('div');
div.innerHTML = '&AndOtherHTMLEncodedStuff';
var htmlDecoded = div.firstChild.nodeValue;
var urlEncoded = encodeURIComponent(htmlDecoded);

result %26AndOtherHTMLEncodedStuff

Hope this saves you some time

411,016

dododedodonl

Sysadmin, also programmer.

Updated on February 23, 2022

Comments

dododedodonl 9 months

I am encoding a string that will be passed in a URL (via GET). But if I use escape, encodeURI or encodeURIComponent, & will be replaced with %26amp%3B, but I want it to be replaced with %26. What am I doing wrong?
- Andy E about 12 years
  
  Where does the string come from? Can you post the code you have so far?
- Nick Craver about 12 years
  
  & is the proper way to escape the ampersand in an HTML context...where is your source coming from? and what's the destination? It may be better to do this server-side for example.
- dododedodonl about 12 years
  
  I grap something from the HTML body (and that is HTML encoded (so, there is & I realize now)) and I have to pass it in an URL... So, I need to decode the html (but how?) en then encode the string (with encodeURIComponent)...
- dododedodonl about 12 years
  
  found it... I used in jquery .html(), not .text()... stupid (A)
- Andy E about 12 years
  
  jQuery's .html() maps to the innerHTML property, so the issue is as I said in my answer :-)
Pekka about 12 years

... that is probably his problem.
Ry- 9 months

Where did you get the idea that encodeURIComponent was supposed to “cleanse” anything? It encodes text to preserve its meaning in a URI. It’s not for passing user input directly to system("rm"). What?
HoldOffHunger 9 months

You can actually use the results of these functions with anything. That's just an example. You can run this server-side with NodeJS. And then run server-side commands with URL inputs. It's designed this way, no?
Ry- 9 months

If you wanted to assemble user input into a shell command and not have globs expanded, the function to use would be an escapeshellarg-style one. Also, you should literally never assemble user input into a shell command.
HoldOffHunger 9 months

That was just an example. You may need to run user-input as args somewhere. This is the proper way to do the escaping with JS.
Ry- 9 months

No, it’s really not. This is a dangerous misunderstanding of the purpose of encoding.
HoldOffHunger 9 months

How about I completely remove anything shell-related in my example? And instead do a simply forloop over chars available in js, showing that I can't use encodeURI() to access the %2a.html file?