These are the ramblings of Matthijs Kooijman, concerning the software he hacks on, hobbies he has and occasionally his personal life.
Most content on this site is licensed under the WTFPL, version 2 (details).
Questions? Praise? Blame? Feel free to contact me.
My old blog (pre-2006) is also still available.
See also my Mastodon page.
Sun | Mon | Tue | Wed | Thu | Fri | Sat |
---|---|---|---|---|---|---|
1 | 2 | 3 | ||||
4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 | 13 | 14 | 15 | 16 | 17 |
18 | 19 | 20 | 21 | 22 | 23 | 24 |
25 | 26 | 27 | 28 | 29 | 30 |
(...), Arduino, AVR, BaRef, Blosxom, Book, Busy, C++, Charity, Debian, Electronics, Examination, Firefox, Flash, Framework, FreeBSD, Gnome, Hardware, Inter-Actief, IRC, JTAG, LARP, Layout, Linux, Madness, Mail, Math, MS-1013, Mutt, Nerd, Notebook, Optimization, Personal, Plugins, Protocol, QEMU, Random, Rant, Repair, S270, Sailing, Samba, Sanquin, Script, Sleep, Software, SSH, Study, Supermicro, Symbols, Tika, Travel, Trivia, USB, Windows, Work, X201, Xanthe, XBee
Recently I have been doing some Flash debugging for my work at Brevidius.
In a video player we have been developing (based on
work done by Jeroen Wijering) we needed to escape some url parameter,
since our flash code could not be certain what would be in the value (and
characters like & and = could cause problems). The obvious way to do this is
of course the escape
function in ActionScript. This function promises to
escape all "non-alphanumeric characters", which would solve all our problems.
However, afters implementing this, we find that there are spaces magically
appearing in our GET parameters. Upon investigation, it turns out that there
are plus signs in our actual values (it's Base64 encoded data, which uses
the plus sign). However, the escape
function apparently thinks a
plus sign is alphanumeric, since it does not escape it (note that the flash
10 documentation documents this fact). Which shouldn't be a
problem, since a plus sign isn't special in an url according to RFC1738:
Thus, only alphanumerics, the special characters "$-_.+!*'(),", and reserved characters used for their reserved purposes may be used unencoded within a URL.
(Note that RFC3986 does recommend escaping plus signs, since they might be used to separate variables, but that's not the case here).
However, the urls we generate in flash point to PHP scripts and thus pass
their variables to PHP. Unfortunately, PHP does not adhere to the RFC's
strictly: It interprets plus signs in an url as spaces. Historically, spaces
in an url were replaced by plus signs, while spaces should really be encoded
as %20 nowadays. There is of course a simple way get Flash (or any other
url-generating piece of code) work properly with PHP: Simply encode plus signs
in your data as %2B (which is the "official" way). This makes sure you get a
real plus in your $_GET
array in PHP, and the problem is resolved.
After some searching, and asking around in ##swf
on Freenode, I found
the encodeURIComponent
function, which is similar to escape
, but does
encode the plus sign. If we use this function, we can again send data with
spaces to PHP! And since encoding more than needed is still fine according to
the specs, there are no downsides (except that you need Flash >= 9.0).
So, if you're developing in Flash, please stop using escape
, and use
encodeURIComponent
instead.
Comments are closed for this story.