How to prevent JavaScript encoding the query string in a location.replace()?
I have an already encoded URL string printed in my HTML template via Django. When I place this in a call to location.replace() it gets mangled by some JavaScript that mangles the = and % already present in the query string, resulting in the subsequent URL (out of my domain) not knowing what to do with it.
How do I prevent JavaScript from changing it?
EDIT: example url string:
'http://destination.com/?name=https%3A%2F%2Fexample.com%2F&nextparam=nextvalue'
passing above into location.replace() results a redirect to:
http://destination.com/?name%3Dhttps%253A%252F%252Fexample.com%252Fnextparam=nextvalue
which is obviously incorrect.
The URL has as one of it's query string parameters a URL. The safe encoded characters passed from Django are from the set of characters in the string ':/', basically so the 'http://example.com/' gets encoded correctly. Fine. '=%&' are all untouched parts of the query string.
In my encoded string that works outside of js (eg in anchor tag href) this links to the correct url.
But when I put it in window.location when it redirects it escapes all characters in the query string and removes '&' for some reason - even the '%' used to encode the original URL parameter in the qs. Checking source shows the string is identical to the one in the a tag above.
Is there anyway to prevent javascript location attribute escaping stuff prior to the redirect?
Answer
You should decode the query string before calling location.replace() with it.
JavaScript doesn't have a built in method for encoding/decoding strings, but there is a library called php.js that can help you. See this link for a function for decoding urls. This library is widely supported.