我在几行代码中观察到一些奇怪/意外的行为,这些代码将值从查询字符串中拉出来。
功能调用
ValidateRequestNameValueCollection(HttpContext.Current.Request.Headers // other params omitted
功能定义
private void ValidateRequestNameValueCollection(NameValueCollection nvc, // other params omitted
{
int count = nvc.Count;
validationFailureIndex = 0;
for (int index = 0; index < count; ++index)
{
string key = nvc.GetKey(index);
if (null != key && key.StartsWith(DoubleUnderline, StringComparison.Ordinal))
continue;
string str = nvc.Get(index); // this is returning a decoded string
在visual studio调试器中,如果我将鼠标悬停在NameValueCollection参数上,我会看到类似于此的内容:
{PARAM = omitted3GCDqHrqg5w%2b6NJfc%3D}
这是明确编码的,但是当调用.get
时,返回的字符串被解码。基于这里的答案:HttpValueCollection and NameValueCollection我认为NameValueCollection
参数是静态演员到HttpValueCollection
并且HttpValueCollection
在get上自动调用UrlDecode
。我找不到任何明确说明这一点的文件。有人知道吗?
见https://referencesource.microsoft.com/#System.Web/HttpValueCollection.cs或https://github.com/Microsoft/referencesource/blob/master/System.Web/HttpValueCollection.cs
internal void FillFromString(String s, bool urlencoded, Encoding encoding) {
...
if (urlencoded)
base.Add(
HttpUtility.UrlDecode(name, encoding),
HttpUtility.UrlDecode(value, encoding));
else
...