According to "When to encode space to plus (+) or %20?", when we have any space in an HTML form name or value, our browser will encode the space into "+". But what if we have a "plus" sign in a value (for example, in a text field) that is typed by the user intentionally? Will our web server misunderstand the symbol and change it back to a space? How are we going to avoid this?
0
- Sorry, can anyone tell me who is responsible for changing the "+" sign back to a space? Is it us (meaning we should handle it in the servlet or JSP) or the web server? – Sam YC Nov 12 '12 at 05:54
- http://docs.oracle.com/javase/1,5,0/docs/api/java/net/URLEncoder.html – rekire Nov 12 '12 at 05:56
- It is *the web stack's* (e.g. servlet container) responsibility to give *unencoded* parameters back to the application/servlet. This decoding happens relatively high up as the params are decoded into key/value pairs. Accidental *double*-unencoding could result in `%2b` -> `+` -> `(space)`, which is why it must be done once only. – Nov 12 '12 at 05:57
- @pst For example, if I am using a servlet and JSP, by calling getParameter("name"), I will receive the string that has already been decoded, right? – Sam YC Nov 12 '12 at 06:04
- @GMsoF I'm not familiar with Java web frameworks, but a good framework will decode your parameters for you. So yes, I'm almost certain you will get a decoded string when you call `getParameter("name")`. – surj Nov 12 '12 at 06:13
2 Answers
3
> Will our web server misunderstand the symbol and change it back to a space?

No, because when a + character is entered in a form, it gets encoded to %2B.
Here's an example (fiddle):
```html
<form method="POST" action="/">
  <input name="foo" type="text" value="+">
  <input name="bar" type="text" value="bacon sauce">
</form>
<script>
  // Requires jQuery to be loaded on the page.
  // This encodes the form (i.e. that's what your server receives).
  alert( $('form').serialize() );
</script>
```

The alert box will show: `foo=%2B&bar=bacon+sauce`
This implies that + is encoded as %2B. So on your server, just convert all + characters to a space, and %2B to +, but you should probably leave the decoding part to your framework or a library.
Here's a fiddle you can use to play with parameter encoding: fiddle
surj
- Hi, does that mean we have to use JavaScript to change the default encoding of the browser? – Sam YC Nov 12 '12 at 06:06
- @rekire I was just using jQuery to show how the parameters would be encoded. – surj Nov 12 '12 at 06:07
0
The Plus needs to be converted into the urlencoded form with the % notation. In this case %2B.
rekire
- Can you elaborate more? If the browser encodes a space into "+" and the user keys in "+" in the form as a value, how are we going to differentiate? – Sam YC Nov 12 '12 at 05:55
- Hi, I don't understand how we use this on the client browser side. I mean, how do I inject it in the HTML? – Sam YC Nov 12 '12 at 06:07
- When you post the data via the browser, the browser will encode the strings correctly for you. And if you need to encode the string on the client side, you could also use the js urlencode function or the jQuery stuff from the other answer. – rekire Nov 12 '12 at 06:13
- You almost never have to explicitly encode your url parameters. Like rekire said, the browser does this for you. – surj Nov 12 '12 at 06:18
- Hi, do you know how I can encode the string in the form? Because once the user presses the submit button, the value is posted to the server already. – Sam YC Nov 12 '12 at 06:18
- @NickPorter Hi, one more question please, just curious: if the browser encodes space to +, and + to %2B, then what if the user keys in %2B? – Sam YC Nov 12 '12 at 06:20
- @GMsoF Let's say your form has a field named "foo". If the user enters `+` in the form and hits the submit button, the browser converts that `+` to `%2B`. Then, when your server receives your request, it converts the `%2B` back to a `+`. So, when you call `getParameter("foo")`, you will get back a `+` character. – surj Nov 12 '12 at 06:21
- @rekire Ya, I just tried that in your fiddle. Do you mind telling me what the logic behind it is? What if the user keys in %252B? This should be specified in the HTTP protocol, right? – Sam YC Nov 12 '12 at 06:24
- @GMsoF Here's a fiddle that you can use to play with the parameter encoding: http://jsfiddle.net/3MFX2/4/ – surj Nov 12 '12 at 06:33
- So it is in that case. And every char which needs to be protected will get the form of % and its hexadecimal value. – rekire Nov 12 '12 at 06:33
- @rekire Yes, this is the best logic, it wouldn't cause any conflict. If the browser encoded space to the form "%xxxx" (entity), I think I wouldn't have asked this question, but sometimes it encodes it to "+", and then I am confused. – Sam YC Nov 12 '12 at 06:46
- If this answer helps you more than the other one, feel free to accept it. – rekire Nov 12 '12 at 07:09
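
The round trip discussed in the answers and comments above, as an added example that is not part of the original posts: it uses the built-in `URLSearchParams` (Node.js or a browser) to serialize values the way a form submission does, decodes them once, and then shows what the double decoding mentioned in the comments does to the same data. The field names and values are constructed sample input, and the function names are hypothetical.

```javascript
// Added example: application/x-www-form-urlencoded round trip.
// Field names and values below are constructed sample input.

// Serialize like a form submission: " " -> "+", "+" -> "%2B", "%" -> "%25".
function encodeForm(fields) {
  return new URLSearchParams(fields).toString();
}

// Decode exactly once, as the web stack does before the application
// reads a parameter.
function decodeForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Mistake to avoid: treating an already-decoded value as wire format
// and decoding it a second time.
function decodeTwice(body) {
  const twice = {};
  for (const [name, value] of Object.entries(decodeForm(body))) {
    twice[name] = new URLSearchParams("v=" + value).get("v");
  }
  return twice;
}

// Hand-rolled decoding with decodeURIComponent handles %XX only;
// it does not know the form rule that "+" means space.
function percentDecodeOnly(rawValue) {
  return decodeURIComponent(rawValue);
}

const sample = { foo: "+", bar: "bacon sauce", lit: "%2B", dbl: "%252B" };
const wire = encodeForm(sample);

console.log("on the wire :", wire);
console.log("decoded once:", decodeForm(wire));   // identical to sample
console.log("decoded 2x  :", decodeTwice(wire));  // values are corrupted
console.log("percent only:", percentDecodeOnly("bacon+sauce"));
```

A value that changes under a second decode is also a value that a validation step saw in one form and a later consumer sees in another, which is why decoding is left to the framework and done once.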