0

I am using the code below to make a URLRequest but specials characters, like &, aren't being encoded correctly. What am I doing wrong?

  var request = URLRequest(url: URL(string: "http://\(hostToUse)/user/login")!)
    request.httpMethod = "POST"
    request.timeoutInterval = 120.0
    var postString = "data={\"userName\":\"\(username)\",\"password\":\"\(password)\"}"
    postString = postString.addingPercentEncoding(withAllowedCharacters: .alphanumerics)!
    postString = postString.replacingOccurrences(of: " ", with: "")
    request.httpBody = postString.data(using: .utf8, allowLossyConversion: false)
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
user1079052
  • 3,803
  • 4
  • 30
  • 55
  • 1
    Try with `.urlFragmentAllowed` instead of `.alphanumerics` (because "&" is not an alphanumeric) – Eric Aya Feb 16 '18 at 15:20
  • 1
    Possible duplicate of [How to use special character in NSURL?](https://stackoverflow.com/q/30148999/2227743) – Eric Aya Feb 16 '18 at 15:24

2 Answers2

0

& is a special character you can

let newString = aString.replacingOccurrences(of: "&", with: "%20")
Shehata Gamal
  • 98,760
  • 8
  • 65
  • 87
  • I thought about that but shouldn't it be caught in the percentage encoding? What other special characters do I need to account for? – user1079052 Feb 16 '18 at 15:19
  • 1
    He is not calling for only &, He just give example, like &. This is right solution only for escape &. Not for all special characters. – Sagar Chauhan Feb 16 '18 at 15:21
  • How about cases where you really need the `&` character? Like the separator between url params. – Cristik Feb 16 '18 at 15:23
  • unfortunately encoder don't catch this , it was old problem with me when i want to login in with account whose password has & character , it may be caught in 3 party libraries like AFNetworking / Alamofire – Shehata Gamal Feb 16 '18 at 15:24
  • @Cristik this is the workaround for sending post parameters whose body is constructed with username=%@&passowrd = %@ where any parameter value contains also & – Shehata Gamal Feb 16 '18 at 15:27
0

This code has a number of likely problems:

  • You're uploading a blob of JSON data in a single URL-encoded form field and not using any other fields. Why not just make the upload format be JSON and ditch the URL encoding entirely?
  • You're trying to URL-encode the whole "fieldname=value" when you should just be URL-encoding the value part.
  • The alphanumerics character set is WAY too broad, including anything that looks like a number. The legal character set for a URL is much, much smaller than that.

BTW, I'm fairly certain that even URLQueryAllowedCharacterSet is too broad for a single query string field, because it allows characters like equals signs and ampersands that are reserved as field delimiters in the normal use of query strings.

For maximum safety, you should instead use your own character set that contains only the unreserved characters:

    [NSCharacterSet characterSetWithCharactersInString:@"abcdefghijklmnopqrstuv"
        "wxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~"]

Or better yet, use NSURLComponents. It has properties specifically for constructing query strings.

dgatwood
  • 10,129
  • 1
  • 28
  • 49