About URL parameter escaping in AnQiCMS multi-site mode
AnQiCMS's powerful multi-site management capabilities let content operators manage multiple brands or projects efficiently from a unified backend. However, once we step into the deeper waters of multi-site operation, URL construction and parameter escaping become details that cannot be ignored. Handling URL parameter escaping properly matters not only for the normal operation of the website and the user experience, but is also an indispensable part of search engine optimization (SEO).
Understanding the URL construction mechanism of AnQiCMS
In AnQiCMS, the URL structure of the website is highly flexible. Through the "SEO-friendly rule" feature, we can customize friendly URL forms for articles, products, categories, single pages, and other content. For example, you can choose a numeric pattern based on ID (such as /article-123.html), or a pattern based on an alias (token/filename/catname) (such as /news/latest-updates.html). These rules are configured in the backend to ensure that the URL is both clean and in line with SEO practices.
Especially in multi-site mode, each site can have independent URL rewrite rules and content aliases. When we create a new site, we specify a "site root directory" and a "site address", which means each site has its own content organization and URL namespace. When AnQiCMS generates internal links, for example when the template tag {{item.Link}} retrieves a document link, it will usually generate a URL that already has special characters processed and can be used directly, according to the current pseudo-static rules and content settings. This is a convenience the system provides, and it greatly lowers the threshold for daily content publishing.
The necessity of URL parameter escaping
Even though AnQiCMS does well in generating internal links, we still need to pay attention to the escaping of URL parameters ourselves in certain scenarios. A URL is used to locate network resources, and it has strict rules for characters. Some special characters, such as & (used to separate parameters), = (for assignment), ? (marking the start of a query string), / (the path separator), as well as spaces, Chinese characters, and other non-ASCII characters, may lead to the following problems if they appear in the URL path or in parameter values without being escaped:
- URL parsing error: The browser or server may not be able to correctly identify the structure of the URL, causing the page to be inaccessible or to load incorrect resources.
- Data loss or error: Special characters in parameter values are misinterpreted, and the data passed to the backend is incomplete or tampered with. For example, if the search keyword "product & service" is not escaped, the & symbol may be mistakenly treated as the delimiter for the next parameter.
- Security risk: User input that is not escaped, is directly concatenated into a URL, and is then processed by the backend may trigger XSS (cross-site scripting) or other injection attacks. Although AnQiCMS has many security protections built in, it is always safer to understand the risk and prevent it actively.
- SEO and user experience: A chaotic or incorrect URL is not conducive to search engine crawling and understanding of page content, and it also confuses users, affecting their trust in the website.
In a multi-site environment, if we need to pass complex query parameters between different sites, such as jumping from a product list on the main site to a filtered results page on a child site, manually constructing the URL and correctly escaping parameters becomes particularly crucial.
The practice of URL parameter escaping in AnQiCMS
AnQiCMS provides convenient template filters for URL parameter escaping, mainly urlencode and iriencode.
- urlencode filter: This is the most commonly used URL parameter escaping tool. It converts almost all non-alphanumeric characters in the URL to the %xx hexadecimal form. This ensures that the URL is not misinterpreted in transit, and it is the "safe choice" when passing query parameter values.
  Usage scenario: when you need to construct a URL manually, especially when adding query parameters that contain special characters (such as spaces, Chinese characters, & and so on).
  Example: suppose you want to create a search link whose search keyword is 安企CMS 解决方案:

      {% set keyword = "安企CMS 解决方案" %}
      <a href="/search?q={{ keyword|urlencode }}">搜索 {{ keyword }}</a>

  Here, 安企CMS 解决方案 is escaped to %E5%AE%89%E4%BC%81CMS%20%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88, which keeps the URL correct.
- iriencode filter: Compared with urlencode, iriencode encodes a smaller range of characters. It is mainly used for encoding Internationalized Resource Identifiers (IRI), and it retains some characters that aid human readability (such as /, :, ( and ), unless they are part of a parameter value), but still escapes spaces and non-ASCII characters. In some cases it may generate a "prettier" URL than urlencode, but it is slightly less secure than urlencode because it lets more characters pass through unchanged.
  Usage scenario: when URL aesthetics matter more and you are sure you want to retain certain characters that standard URL encoding would escape (such as :), or when you mainly handle URLs that contain non-ASCII characters but have a relatively fixed structure.
  Example: suppose you have a custom URL path that may contain Chinese, but you want the path separator / to remain unchanged:

      {% set path_segment = "我的文章分类" %}
      <a href="/category/{{ path_segment|iriencode }}/page-1.html">进入分类</a>

  Here, 我的文章分类 is escaped, but / remains unchanged.
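The difference between the two filters, seen from the receiving side, as an added example that is not AnQiCMS code: the Go sketch below builds the "product & service" search link three ways and parses each one the way a backend would. encodeParam and keepReserved are hypothetical standard-library stand-ins for urlencode and iriencode, and the set of characters keepReserved leaves untouched is an assumption.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// encodeParam: stand-in for the urlencode filter (assumption, not AnQiCMS's
// implementation). Encodes every reserved character; space becomes %20.
func encodeParam(v string) string {
	return strings.ReplaceAll(url.QueryEscape(v), "+", "%20")
}

// keepReserved approximates the iriencode behaviour described above (assumed
// character set): URL-structure characters pass through, the rest is encoded.
func keepReserved(v string) string {
	var b strings.Builder
	for _, r := range v {
		if strings.ContainsRune("/:()&=?#", r) {
			b.WriteRune(r)
		} else {
			b.WriteString(encodeParam(string(r)))
		}
	}
	return b.String()
}

// received returns the decoded value of param and the number of query keys.
func received(link, param string) (string, int) {
	u, err := url.Parse(link)
	if err != nil {
		return "", 0
	}
	q := u.Query()
	return q.Get(param), len(q)
}

func main() {
	kw := "product & service" // constructed sample keyword from the text
	for _, link := range []string{
		"/search?q=" + kw,               // raw concatenation
		"/search?q=" + keepReserved(kw), // iriencode-style: '&' survives
		"/search?q=" + encodeParam(kw),  // urlencode-style
	} {
		v, n := received(link, "q")
		fmt.Printf("%-40s q=%q params=%d\n", link, v, n)
	}
}
```

Only the urlencode-style link delivers the whole keyword as one parameter; the raw and iriencode-style links both arrive as q="product " plus a stray second key.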
Special considerations under the multi-site mode:
- Cross-site links: When you need to build a URL pointing to site B from a template of site A, and the URL contains dynamic parameters, be sure to use urlencode to escape the parameter values. For example, suppose site A has a recommended-article module that links to the corresponding article on site B and needs to pass a ref parameter to record the source:

      {% system siteBUrl with name="SiteBBaseUrl" %} {# assumes site B's BaseUrl is configured in the backend #}
      {% set articleId = "100" %}
      <a href="{{ siteBUrl }}/article-{{ articleId }}.html?ref={{ currentSiteName|urlencode }}">查看相关文章</a>

  Here currentSiteName (the current site name, which may contain Chinese characters or spaces) needs to be escaped.
- Variables in custom static rules: When a custom static rule is set in the backend, for example archive===/{module}-{filename}.html, {filename} usually has its character escaping handled automatically. But if you concatenate these variables manually to build a URL in a template, and their content comes from user input or may contain special characters, it is wise to escape the variables appropriately before using them. For example, if you retrieve a filename that may contain special characters from a custom field {{ item.CustomFileName }} and use it as the {filename} part of the URL, consider {{ item.CustomFileName|urlencode }}.
- Data collection and import: AnQiCMS supports content collection and batch import. When handling external URLs or extracting URLs from imported content, also check whether the encoding is correct. If an imported URL has encoding issues, the page may be inaccessible or redirects may fail. Before calling these URLs in the template