The first part of the URL after the ? is the query parameter. This part of the URL is sent to the server to identify the encrypted data.
The part after the # is the fragment. Historically this was used to identify part of the page so the browser could scroll to it when the link was clicked. Later, it got hijacked by modern JavaScript frameworks for all sorts of purposes.
Indeed, I admit my mistake, putting the decryption key in the fragment is safer. Although, personally I'd still be more comfortable using a password (e.g. hello).
#in the URL. For anyone wondering how this works let me explain. Here's an example URL.?is the query parameter. This part of the URL is sent to the server to identify the encrypted data.#is the fragment. Historically this was used to identify part of the page so the browser could scroll to it when the link was clicked. Later, it got hijacked by modern JavaScript frameworks for all sorts of purposes.hello).