In the daily content operation and website development of Anqi CMS, we often need to handle URL links to ensure that they are both safe and effective, and can be correctly parsed by browsers and search engines.This is an indispensable part of URL escaping (also known as encoding).AnQi CMS provides us with two very practical filters:urlencodeandiriencodeThey can all help us with URL escaping, but their purposes and methods of handling are different in practical applications.

Understanding the necessity of URL escaping.

Before we delve into the differences between these two filters, it is first important to understand why URL escaping is so crucial. The structure of a URL (Uniform Resource Locator) is fixed, and certain characters have special meanings, such as/Used to separate paths,?Indicates the start of query parameters,&Used to connect different query parameters,=Used to assign parameter values, etc.

When our URL contains user input, Chinese characters, spaces, or other special characters, if they are not escaped, these characters may:

  1. Destroy the URL structureFor example, a URL containing&The character parameter value is incorrectly parsed as two separate parameters.
  2. Causes security issuesMalicious code may be injected through unescaped URL injection, triggering cross-site scripting (XSS) and other security vulnerabilities.
  3. Cause compatibility issues.Different browsers or servers may handle non-standard characters differently, causing links to fail.

Therefore, URL escaping is the process of converting special or unsafe characters into a form%XXThe format encoded with percent signs, ensuring the uniformity and security of URLs. The template engine of AnQi CMS is built-in with these tools, making our development work more convenient.

urlencodeComprehensive and strict URL encoding:

urlencodeThe filter plays the role of a 'comprehensive guardian' in Anqi CMS.Its main responsibility is to percent-encode almost all special characters in the URL, ensuring that the generated URL can be safely and accurately parsed in any environment.

Imagine you are dynamically building a link that includes the keywords entered by the user in the search box, which may include spaces, Chinese characters, and even some punctuation marks.If you directly append this content to the URL, it may cause the link to fail or unexpected problems.urlencodeIt comes into play at this moment. It will convert spaces to:%20And Chinese characters to multiple%XXThe sequence, as well as special characters (such as colons, slashes, question marks, etc.), are also encoded accordingly.

When to use precedenceurlencode?

  • Handling the value of query parametersWhen any user input or dynamically generated data is used as the value of a URL query parameter, useurlencodeIt is a** practice because it can completely avoid ambiguity and security risks.
  • The path segment contains special charactersIf the URL path segment/path/to/somethingofsomething) may contain non-standard characters, useurlencodeto ensure the path is correctly identified.
  • High security requirementsIn any scenario where strict URL security is required,urlencodeis the default and most recommended choice, providing the strongest protection.

Using in Anqi CMS template,urlencodeVery intuitive, just pass the variable to be encoded through the pipe symbol:

{% set originalUrl = "http://www.example.org/foo?a=b&c=d" %}
<a href="{{ originalUrl|urlencode }}">访问页面</a>

This code will output a fully encoded URL, even if the original URL contains:///?/=/&Characters, which will also be escaped in the form of percentage encoding, for example, `http%3A%2F%2Fwww.example