search

bytespider / jsOAuth

JavaScript implimentation of the OAuth protocol. Currently supports version 1.0 (RFC5849) of the specification. Node.js & CommonJS compatible.
http://bytespider.github.com/jsOAuth/
MIT License
557 stars 109 forks source link

Typo in OAuth.urlEncode (version 1.3.1) #18

Closed realjax closed 12 years ago

realjax commented 12 years ago

This method contains the following code:

.... for (i = 0; i < str_len; i++) { if (c = string_arr[i].match(reserved_chars)) { ...

I'm pretty sure that the assigment to c should be a comparison instead, should read:

.... for (i = 0; i < str_len; i++) { if (c == string_arr[i].match(reserved_chars)) { ...

lukaszkorecki commented 12 years ago

Hi

Not many people like that construct, but it breaks down to something like this:

var c = string_arr[i].match(reserved_chars);
if(c) {
  // do this and that...
}

...so as you can see it's rather a test for whether the found char needs to be encoded or not.

That said: these functions (OAuth.urlEncode and OAuth.urlDecode) could be removed and use native encodeURI and/or encodeURIComponent.

bytespider commented 12 years ago

Native encodeURI and encodeURIComponent only exist in the browser implementations of Javascript. I wrote them due to the fact I needed a cross platform way of percent encoding.

Also encodeURI and encodeURIComponent don't cover all characters that need to be encoded, which means some manual work anyway. I felt a fully manual approach was the best option to cover all my goals.

lukaszkorecki commented 12 years ago

Native encodeURI and encodeURIComponent only exist in the browser implementations of Javascript. I wrote them due to the fact I needed a cross platform way of percent encoding.

Fair enough - I expected that this was the reasoning, I didn't expect that built in functions will not work according to the RFC :-( Bummer.

realjax commented 12 years ago

I stand corrected. :)

bytespider commented 12 years ago

There are several standards in the RFC for percent encoding. Some are old and out of date. I believe one of these is the one that javascript uses.

This article explains the differences quite well http://www.marcworrell.com/article-2943-en.html

lukaszkorecki commented 12 years ago

There are several standards in the RFC for percent encoding. Some are old and out of date. I believe one of these is the one that javascript uses.

This article explains the differences quite well http://www.marcworrell.com/article-2943-en.html

That's awesome stuff, I always (wrongly) assumed that there was only one specification to it.

TIL.