portal url-encode enable
Function
The portal url-encode enable command enables URL encoding and decoding.
The undo portal url-encode enable command disables URL encoding and decoding.
By default, URL encoding and decoding are enabled.
If the system software is upgraded from a version earlier than V200R009C00SPC500 to V200R009C00SPC500 or a later version, the switch automatically runs the undo portal url-encode enable command to disable URL encoding and decoding.
Usage Guidelines
Usage Scenario
To improve web application security, data from untrustworthy sources must be encoded before being sent to clients. URL encoding is most commonly used in web applications. To enable URL encoding and decoding, run the portal url-encode enable command. Some special characters in redirect URLs are then converted to secure formats, preventing clients from mistaking them for syntax signs or instructions and unexpectedly modifying the original syntax. In this way, cross-site scripting attacks and injection attacks are prevented.
Precautions
After the URL encoding and decoding function is enabled, some servers may not support the escape characters converted from special characters in redirect URLs. Therefore, check whether servers support the escape characters before configuring special characters in redirect URLs.