Always URL encode your Base64 encoded query parameters
"I have not failed. I've just found 10,000 ways that won't work."
Thomas A. Edison
I spent a large portion of the day at work debugging an issue where I did not URL encode a Base64 encoded value I was sending to a server as a query parameter value. I want to make sure I never waste time on this issue again. I am writing a basic explanation of the problem and how to avoid it as reminder to myself. I hope this may help some one else in the future too.
Base64 encoded strings can contain the
+ character. If the
+ character is placed on a URL query parameter, it is interpreted as a space. This is problematic because a space (
+. In fact, the space (
To circumvent this behavior make sure you URL encode the Base64 encoded value so that
+ characters are encoded as
For example, say I have to send
QUJD+REVG+0hJY= to a server. If I put this on a URL without URL encoding the value, the URL will look like this:
http://simonkrueger.com?q=QUJD+REVG+0hJY=. This URL is perfectly valid, but when a request with this URL is sent to a server the query parameter,
q, is seen with a value of
QUJD REVG 0hJY=. This is not what I wanted. Do you see those spaces?
To fix this, I can URL encode this value before it is put on the URL. The URL now looks like this:
http://simonkrueger.com?q=QUJD%2BREVG%2B0hJY=. Now the server sees
q's value as
QUJD+REVG+0hJY=. Exactly what I wanted :).
This is a pretty simple mistake that I am sure has been made a million times. I hope to not to make it a million and one. Anyway, always URL encode your
Base64 encoded query parameters!