-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Server received pct-encoded password #1256
Comments
Does look like both String auth = base64Encode(utf8.encode(uri.userInfo)); and prefixed with The problem is that String auth = base64Encode(utf8.encode(Uri.decodeComponent(uri.userInfo))); Alterantively, the EDIT: I figured out why we're doing what we're doing, so we're going to keep doing that. Do not expect a change to I can't say what a browser would do, because my browser seems to ignore username/password in the request. |
As we discussed in lang/sdk#56114, I personally believe that |
Dart Storing invalid content is possible. It may make it harder to determine where to cut, when extracting individual properties (but probably not, if we couldn't decide that at the start, it wouldn't have parsed at all.) It may be confusing that the current implementation doesn't decode when accessing That is: void main() {
var uri = Uri.parse("http://banana%3Acoop:[email protected]");
print(uri);
print(uri.userInfo);
var [name, pwd] = uri.userInfo.split(':'); // Splits on the one `:`
print(Uri.decodeComponent(name)); // Decodes into containing `:`
print(Uri.decodeComponent(pwd));
print(Uri.decodeComponent(uri.userInfo)); // Too late to see which `:`.
} This code works and allows a Because of that, it's not a good idea to decode |
When using the following code to send a request, the server receives the password not as
^pwd
but as%5Epwd
.The text was updated successfully, but these errors were encountered: