Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] Uri.parse failes to currectly parse url like: http://user:^@example.com #56114

Closed
idy opened this issue Jul 1, 2024 · 5 comments
Closed
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. closed-as-intended Closed as the reported issue is expected behavior library-core

Comments

@idy
Copy link

idy commented Jul 1, 2024

Dart 3.4.3 (stable) (Tue Jun 4 19:51:39 2024 +0000) on "macos_arm64"

Uri.parse is unable to correctly parse cases where the userInfo section contains special characters, such as: http://user:^@example.com

Running the following code:

void main() {
  final u = Uri.parse('http://user:^@example.com');
  print(u.userInfo);
}

The printed log is: user:%5E, but the expected value is: user:^

@idy idy changed the title [Bug] Cannot parse url like: http://:1^[email protected] [Bug] Uri.parse Cannot parse url like: http://user:^@example.com Jul 1, 2024
@dart-github-bot
Copy link
Collaborator

Summary: Uri.parse fails to correctly parse URLs with special characters in the userInfo section, incorrectly encoding the ^ character as %5E instead of preserving it.

@dart-github-bot dart-github-bot added area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. triage-automation See https://github.com/dart-lang/ecosystem/tree/main/pkgs/sdk_triage_bot. type-bug Incorrect behavior (everything from a crash to more subtle misbehavior) labels Jul 1, 2024
@idy idy changed the title [Bug] Uri.parse Cannot parse url like: http://user:^@example.com [Bug] Uri.parse failes to currectly parse url like: http://user:^@example.com Jul 1, 2024
@svpz
Copy link

svpz commented Jul 3, 2024

I think the ^ sign you mentioning is not valid according to the RFC 3986 section 3.2.
As much as I know, the behavior of Uri.parse is consistent with the requirements of RFC 3986. To include special characters like ^ in the userInfo section, they must be percent-encoded. Thus, the method’s output of user:%5E is correct and expected.

@idy
Copy link
Author

idy commented Jul 4, 2024

Yes, RFC 3986 does not define the ^ symbol, so the best approach when parsing it is to leave it unchanged.
According to RFC 3986 section 2.4, only when constructing a URI should the pct-encoded format be used. However, uri.Parse is a dereference.

Thus, the expected behavior is:

Parse(':%[email protected]') returns {username: '', password: '^', ...}
Parse(':^@example.com') returns {username: '', password: '^', ...}

@lrhn
Copy link
Member

lrhn commented Jul 4, 2024

The behavior is intended.
The alternative would be to reject parsing the input, because it's not a valid URI text. The Dart Uri class tries to help by auto-escaping invalid characters (and normalizes in several ways, including by unescaping unnecessary escapes).

That means that what Uri.toString() returns may not be the original input to Uri.parse, but on the other hand it's guaranteed to be a valid and normalized RFC-3986 URI reference.

@lrhn lrhn closed this as completed Jul 4, 2024
@lrhn lrhn added closed-as-intended Closed as the reported issue is expected behavior library-core and removed type-bug Incorrect behavior (everything from a crash to more subtle misbehavior) triage-automation See https://github.com/dart-lang/ecosystem/tree/main/pkgs/sdk_triage_bot. labels Jul 4, 2024
@idy
Copy link
Author

idy commented Jul 5, 2024

Thank you for your response. After careful consideration, if the value of userInfo is designed to be in a URL-safe format, then the issue does not arise from Uri.parse; rather, it lies within the HTTP library. When the HTTP request is sent, the pct-encoded value should be decoded and then base64 encoded.

I have raised an issue in the HTTP library. dart-lang/http#1256

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. closed-as-intended Closed as the reported issue is expected behavior library-core
Projects
None yet
Development

No branches or pull requests

4 participants