last updated on 4/1/2014 7:03:59 AM
URL Encoding
The URL query string and the name and the value of the following field consist of the same characters.
The following characters should NOT appear encoded over the wire: "-", "_", "."
Important: some of these characters can trigger unexpected behaviour when used in the query string. For example, # is used for bookmarks, and everything after it is ignored.
Submit FORM using the GET method to test URL encoding the same way as POST before.
Check this link:
data2html.asp?%?#[]{}|\&=@:^~`"$-_.+!*'(),<>;/
data2html.asp?%?[]{}|\&=@:^~`"$-_.+!*'(),<>;/#
A link containing spaces:
data2html.asp?a link containing spaces
Something special (note the space between [ ]):
data2html.asp?%?[ ]{}|\&=@:^~`"$-_.+!*'(),<>;/#
URL Handling
This link uses two question marks.
data2html.asp?Intermediate?testfield1=testvalue1
A URL query string with invalid hex encoding must also be kept in the URL.
data2html.asp?hexdata=%65%66%67%INVALID%HEX%ENCODING
Binary data in URLs must not be converted to FORMS by the recorder. The following URL contains 0x02, 0x01, 0x00.
data2html.asp?databytes=3&%02=%01&NowThereIsATerminatingZero%00AndThenNothing
A relative URL with absolute URLs included in the query string. The URL in the HttpRequestHeaderFromClient log should be the same as in HttpRequestHeaderToServer log.
data2html.asp?https://cipehbu.cdg.citibank.de/HomeBankingSecure/StartSession.asp&http://cipehbu.cdg.citibank.de/HomeBanking/BrowserSecurity4.htm&LANG=4,LANGNAME=German_(Germany),DEVICEMODE=HTMLGPH,SRCT=10,CARDTYP=001,oatmeal=
(this one does not work) data2html.asp?https://cipehbu.cdg.citibank.de/HomeBankingSecure/StartSession.asp&http://cipehbu.cdg.citibank.de/HomeBanking/BrowserSecurity4.htm&LANG=4,LANGNAME=German_(Germany),DEVICEMODE=HTMLGPH,SRCT=10,CARDTYP=001,oatmeal=
URLs with multiple '=' must result in a correct form (caused problems in previous versions, fixed since 2.6).
data2html.asp?login/=user=Guest
No secure URL with a :/ in the querystring can be handled by record/replay!
Detected in Build618.
The secure request https://demo.borland.com/data2html.asp?:/ cannot be recorded/replayed.
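The URL Handling cases above (a second "?", invalid hex escapes, binary bytes, multiple "=") can be checked against a byte-preserving query splitter. The following is an added example, not code from this test site or from the recorder; the function names are hypothetical and the input is assumed to be ASCII.

```javascript
// Added example; function names are hypothetical. Input is assumed to be ASCII.

// Split at the first '#' (never sent to the server) and the first '?'.
// Any later '?' stays in the query string as ordinary data.
function splitUrl(url) {
  const hash = url.indexOf('#');
  const wire = hash === -1 ? url : url.slice(0, hash);
  const q = wire.indexOf('?');
  return {
    path: q === -1 ? wire : wire.slice(0, q),
    query: q === -1 ? null : wire.slice(q + 1),
    fragment: hash === -1 ? null : url.slice(hash + 1),
  };
}

// Decode valid %XX escapes to bytes; keep a '%' that is not followed by two
// hex digits as a literal byte and count it, instead of throwing or dropping it.
function decodeLenient(s) {
  const bytes = [];
  let invalid = 0;
  for (let i = 0; i < s.length; i++) {
    const hex = s.slice(i + 1, i + 3);
    if (s[i] === '%' && /^[0-9A-Fa-f]{2}$/.test(hex)) {
      bytes.push(parseInt(hex, 16));
      i += 2;
    } else {
      if (s[i] === '%') invalid++;
      bytes.push(s.charCodeAt(i) & 0xff);
    }
  }
  // Control bytes (0x00-0x1F, 0x7F) mark the field as binary, not text.
  const binary = bytes.some((b) => b < 0x20 || b === 0x7f);
  return { bytes, invalid, binary, text: String.fromCharCode(...bytes) };
}

// Split pairs on '&' and each pair on its first '=' only, so a value such as
// "user=Guest" survives intact. The raw pair is kept for byte-exact replay.
function parseQuery(query) {
  return query.split('&').map((raw) => {
    const eq = raw.indexOf('=');
    const name = decodeLenient(eq === -1 ? raw : raw.slice(0, eq));
    const value = eq === -1 ? null : decodeLenient(raw.slice(eq + 1));
    return { raw, name, value, binary: name.binary || (value !== null && value.binary) };
  });
}
```

A proxy or recorder that compares `raw` on the client side with `raw` on the server side can confirm that nothing was re-encoded in between.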
Common Forms
Submit a form using the GET method to data2html.asp?Intermediate
Submit a form using the POST method to data2html.asp?Intermediate
Submit a form using the GET method to data2html.asp
Submit a form using the POST method to data2html.asp
The next problem is likely due to the use of "?" as a delimiter in the URL string. This is a form post without input fields:
<form action="data2html.asp?_SessionId_=000?_SessionType_=WEB?_User_=user1?_Password_=user1?_ContextId_=2000? HTTP/1.0" method="POST">
<input type="submit">
</form>
This results in the following BDL (detected in SP3.5.1, build 658):
WebFormPostEx("http://your_host_here/data2html.asp?_SessionId_=000", TESTSITE_DATA2HTML_ASP001);
...
TESTSITE_DATA2HTML_ASP001:
" HTTP/1.0" := "WEB?_User_=user1?_Password_=user1?_ContextId_=2000? HTTP/1.0";
Various Form Submissions
A form POST with multiple '=' must result in a correct BDL form.
A form POST with hex encoded binary data must be converted into WebUrlPostBin.
Big POST.
POST data to server with URL params.
POST data to server with URL params and non-standard encoding.
Big GET (>4kB).
POST with Content-Length: 0.
POST with Content-Length: 0 but with a query string in the URL.
Submit buttons of the next four forms have values with special characters.
Click here for a form sample containing an <INPUT> tag with a SRC attribute before TYPE=IMAGE
Follow this link to access a page containing a form producing a BIG POST (> 160K).
Click here for a XMLHttpRequest POST with 0 content-length.
Various Link Samples
<a href=" data2html.asp">space before link (relative URL)</a>
space before the link (relative URL)
<a href="data2html.asp ">space after the link (relative URL)</a>
space after the link (relative URL)
<a href=" data2html.asp ">space before and after the link (relative URL)</a>
space before and after the link (relative URL)
<a href=" http://demo.borland.com/testsite/data2html.asp">space before the link (absolute URL)</a>
space before the link (absolute URL)
<a href="http://demo.borland.com/testsite/data2html.asp ">space after the link (absolute URL)</a>
space after the link (absolute URL)
<a href=" http://demo.borland.com/testsite/data2html.asp ">space before and after the link (absolute URL)</a>
space before and after the link (absolute URL)
Form Element Variations
Go to the sample page.
On click
On page load
unnamed popup test
Multiple Confirms