How to pass HTML Tags through base64_decode?

[Monkuar]

Like let's say  I have

 

$message = base64_encode('<b>Hello</b>');

 

then i decode it

 

$decodedmessage = base64_decode($message);

 

it doesn't work and shows like

 

"<b[?? " or some weird numbers.

 

 

Hope u can help !

 

 

using htmlentitties works but just shows the characters , i need it to actually show html lol

[jazzman1]

I've got "Hello" copy/paste your code.

Which editor you're using and what kind of encoding type use to save the files?

[Monkuar]

I've got "Hello" copy/paste your code.

Which editor you're using and what kind of encoding type use to save the files?

 

ya but is your hello bolded?

[Monkuar]

Just found a fix for enabling HTML IN BASE_64 ENCODING METHOD

 

USE THIS TO ENCODE:

 

 

base64_encode(rawurlencode($message));

 

 

 

TO DECODE USE:

 

rawurldecode(base64_decode($message));

 

 

Thanks, have nice day everyone!!!! Add this to the snippetS !

[Christian F.]

What? No! This is wrong, simply wrong.

There should be no need what so ever to use rawurlencode () and rawurldecode () here. That's only for adding data as GET parameters to an URL. Base64-encoding something would make the whole raw URL-encoding moot anyway, as it completely translates the string (to something potentially NOT-url compatible, btw).

 

You were doing something else wrong, and accidentally fixed it when adding the URL-encoding.

[Monkuar]

What? No! This is wrong, simply wrong.

There should be no need what so ever to use rawurlencode () and rawurldecode () here. That's only for adding data as GET parameters to an URL. Base64-encoding something would make the whole raw URL-encoding moot anyway, as it completely translates the string (to something potentially NOT-url compatible, btw).

 

You were doing something else wrong, and accidentally fixed it when adding the URL-encoding.

 

Lol, i don't know.

 

w/e I did, it works though and html works haha.

 

I just have a simple redirection page

 

redirect("rofl.php?=1", " Thanks, page edited! ");

 

and then I just encode both those values in base64 and rawurl and pass them through $_GET so it looks sexy in the web address bar with encoded numbers/letters, the html wasn't working so I tried this way I posted and it worked? Blah

 

edit: mind you, no databases or nothing is involved here

[Christian F.]

If you pass the base64-encoded value in the URL, then you'd need to URL-encode them, yes. However, that should only be done after base64-encoding them, seeing as it's the equal signs used for padding that gets messed up in that case. If it worked the other way around, as posted above, then this was purely by coincidence as the string became long enough not to require padding.

Should have noted that you were sending the result via GET though, in the first place.

 

That said: I'd never send any kind of static page-content via the browser. That's just asking for an attacker to abuse it. What I'd done is to set a status value in the URL, and then check for it on the server-side. If set (properly), then show the confirmation message. Simple, clean and secure.