【Try to Hack】URL

Blog home page ： Happy star The blog home page of
Series column ：Try to Hack
Welcome to focus on the likes collection ️ Leaving a message.
Starting time ：2022 year 6 month 11 Japan
The author's level is very limited , If an error is found , Please let me know , thank ！

URL Format

URL（Uniform Resource Locator, Uniform resource locator ）, That is the link we often mention , adopt URL The request can find a unique resource , The format is as follows ：

protocol :// hostname[:port] / path / [;parameters][?query]#fragment

for instance
http://www.foo.com/path/f.php?id=1&type=cool#new

The corresponding relation is :
protocol <=> http
hostname <=> www.foo.com
path <=> /path/f.php
query <=> id=1&type=cool
fragment <=> new

hostname Be careful

hostname It can be either a domain name or a host name

Domain name access and ip The difference between visits ：
1、ip Access a certain server ; Domain name access is equivalent to ip On the basis of access , The intermediate function of a reverse proxy . for example ： Baidu , Many people use it at the same time , If you use the same server , The server may not be able to handle it , If you are visiting a domain name , Intermediate reverse proxy , You can reverse proxy users to different servers , Reduce server pressure .
2、 scanning ip A little wider , It is usually the upper level of the website access directory , Generally, the administrator will put the backup files in the ip The root directory pointed to by the address .（ This can be used ）

fragment

fragment（ Pieces of information ）( Anchor point )
Pieces of information , character string , Used to specify fragments in network resources . For example, a web page has multiple noun explanations , You can use fragment Go straight to a noun to explain .

It's an anchor point for a part of the resource itself . An anchor represents a type of... Within a resource “ Bookmarks ”, It gives the browser to display the location of the “ Bookmark ” Point content instructions . for example , stay HTML Document , The browser will scroll to the point where the anchor is defined ; On video or audio documents , The browser will go to the time represented by the anchor . It is worth noting that # The back part of the No , Also known as fragment identifier , Never sent to the server with the request .

need HTTP Basic The certification URL request

For needs HTTP Basic The certification URL request , You can even put your username and password directly into URL in , stay hostname Before
for example
http://username:[email protected]/

URL Encoding mode

Excerpt from Ruan Yifeng : About URL code

URL The key point is the coding method , There are three categories ：escape、encodeURI、encodeURIComponent, The corresponding decoding function is ：unescape、decodeURI、decodeURIComponent. The three coding functions are different , Even the browser is automatically URL There are also differences in coding .

Generally speaking ,URL Only English letters 、 Arabic numerals and some punctuation marks , Do not use other words and symbols . Just letters and Numbers [0-9a-zA-Z]、 Some special symbols "$-_.+!*'(),"[ Do not include double quotes ]、 And some reserved words , Can be used directly without coding URL.

Different operating systems 、 Different browsers 、 Different web character sets , Will result in a completely different encoding result . How can you ensure that the client sends a request to the server using only one encoding method ？

Is the use of Javascript First pair URL code , Then submit... To the server , Don't give browsers a chance to get involved . because Javascript The output of is always consistent , So it ensures that the data obtained by the server is of uniform format .

Javascript function ：escape()

This function is now deprecated , But for historical reasons , It's still used in many places
escape() Can't be used directly for URL code , Its real function is to return a character Unicode Encoding value . such as " Spring Festival " The return result is %u6625%u8282, That is to say Unicode Character set ," In the spring " It's No 6625 individual （ Hexadecimal ） character ," section " It's No 8282 individual （ Hexadecimal ） character .

Its specific rule is , except ASCII Letter 、 Numbers 、 Punctuation @ * _ + - . / outside , Code all other characters . stay \u0000 To \u00ff The symbol between is converted to %xx In the form of , The rest of the symbols are converted into %uxxxx In the form of .

therefore ,“Hello World" Of escape() The encoding is "Hello%20World”. Because of the space Unicode The value is 20（ Hexadecimal ）.

No matter what the original code of the web page is , Once being Javascript code , They all become unicode character . in other words ,Javascipt Function input and output , The default is Unicode character . This also applies to the following two functions .

escape() incorrect "+" code . But we know that , When the web page submits the form , If there are spaces , It will be transformed into + character . When the server processes data , Will be able to + The number is treated as a space . therefore , Be careful when using .

Javascript function ：encodeURI()

ncodeURI() yes Javascript Middle is really used for URL Coded functions .

It focuses on the whole URL Encoding , So in addition to the common symbols , For other symbols that have special meaning in the web address ; / ? : @ & = + $ , #, No coding . After the coding , It outputs symbols of utf-8 form , And add... Before each byte %.

It should be noted that , It's not in single quotes ' code .

Javascript function ：encodeURIComponent()

And encodeURI() Is the difference between the , It is used for URL The components are individually coded , Not for the whole URL Encoding .

therefore ,; / ? : @ & = + $ , #, These in encodeURI() A symbol that is not encoded in , stay encodeURIComponent() All will be coded . As for the specific coding method , The two are the same .

Ruan Yifeng : About URL code