Escaping & in a URL

Question

I am using jsps and in my url I have a value for a variable like say \"L & T\". Now when I try to retrieve the value for it by using request.getParameter I

Answer 1

java.net.URLEncoder.encode("L & T", "utf8")

this outputs the URL-encoded, which is fine as a GET parameter:

L+%26+T

Answer 2

A literal ampersand in a URL should be encoded as: %26

// Your URL
http://www.example.com?a=l&t

// Encoded
http://www.example.com?a=l%26t

Answer 3

You can use UriUtils#encode(String source, String encoding) from Spring Web. This utility class also provides means for encoding only some parts of the URL, like UriUtils#encodePath.

Answer 4

You need to "URL encode" the parameters to avoid this problem. The format of the URL query string is: ...?<name>=<value>&<name>=<value>&<etc> All <name>s and <value>s need to be URL encoded, which basically means transforming all the characters that could be interpreted wrongly (like the &) into %-escaped values. See this page for more information: http://www.w3schools.com/TAGS/ref_urlencode.asp

If you're generating the problem URL with Java, you use this method: String str = URLEncoder.encode(input, "UTF-8");

Generating the URL elsewhere (some templates or JS or raw markup), you need to fix the problem at the source.