Generated base64 on mobile devices fails strict mode test

[nijinekoyo]

On mobile devices, using Base64.encodeURL to encode json content cannot be parsed using strict mode PC Generated:

eyJjYXB0Y2hhX2lkIjoiNzIyOWJkYTA2Mjk3YzM4ZTFkNWQ0M2ZjYjE1NGZmMDciLCJsb3RfbnVtYmVyIjoiMDg0OTlmMjg3YjUwNDA4ZWEwNDhhMmI4NzkzMGI1ZmQiLCJwYXNzX3Rva2VuIjoiOTE0MmJhNzA3NTk2NjI5ZTlmYzE3ODdkZTdjMmYxMjE4N2MxOTQ4MmNjYzg5MzM2NTgyYWE3OGMxZWZkMDU3ZSIsImdlbl90aW1lIjoiMTcyNjM2MDA5MSIsImNhcHRjaGFfb3V0cHV0IjoiSkdFMmRzbjFkQXo0WEZvZU9QUzhPX0lTUFNNLXVzaVZ4TDVMX01NNHVzTTNjaGpsYzNqRGl6UDRoZFE5c3J3WEtuWFFfMkNMUGpveUZ0Q0ZqdlBrYThBeWpaUVZ1empCeHpyMmJiM2dpcmJ3U09CV1BiOTY2b0hsR2ZpNFg4TzlTdV9fUV9XSFpDSlM0WDRDcGZ3R3NRaXdscVZQQW5IQi1PNGYxRWxfWmVrR0hTeER0NnFiU201eHVaeENxRDZlV0Y2ZlQyaUUxajE4dGdfVDBQLXo4Nmw2amtVUHdCY05zaktiWWZDdFZhSmNHUFZDZ2Z1dmxtcVBhV0R4Q3ljLXlYTHFxcjExNFIwQ09TbnNUQVBoY29ZMV8xRE9WM1A4RlA3WTZnMTNaRUxWcGxjaGJxV2Ixb2dvSWZ6SHlTSmFpZzZIX3Q4NHlZbTVfWHpmeDVHNXpqYU56Q2ptTGNtd1ZUM1pUa2R1UUY2WS1Cd1pXRHE4MDhqWlpNd1dkWnVCb2thUUl3WWptaXNqNzluZU1ad29sQzNLUlJyMEVsUElBZERRVFRsUTZiR2VoMFp5S25fVTlPZ1RMZk1tVW9Ca09zUm5zQ01HbXNYbVVacHpuRGkyVXc9PSJ9

Mobile device Generated:

eyJjYXB0Y2hhX2lkIjoiNzIyOWJkYTA2Mjk3YzM4ZTFkNWQ0M2ZjYjE1NGZmMDciLCJsb3RfbnVtYmVyIjoiZGMxZGJlMjA5YWQ2NGI3MmE4NmQwOWY4MzBhN2M0MzkiLCJwYXNzX3Rva2VuIjoiZTFhNDVkNWQzYzcyMDFhNTllZTE3ODEzODg2OGNkNWIzODk3MmI1ODNmYjViMGU3NjY1ZmYwMDE0NmZmZmIxZSIsImdlbl90aW1lIjoiMTcyNjMxNjYzOSIsImNhcHRjaGFfb3V0cHV0IjoiSkdFMmRzbjFkQXo0WEZvZU9QUzhPX0lTUFNNLXVzaVZ4TDVMX01NNHVzTTNjaGpsYzNqRGl6UDRoZFE5c3J3WG9HM29EbW5HcEJ3QXZFeC1sMTZYdkFhRXl4MlYzYk5vLUdaNUg2cmV5SG9sWDlaZVptY2c3eHdhT0U2eEFiMjdnTjBjTFprT0dZaG9lT1luUTRFbVFZbkFoMk5aMGViMTc1UXNnb1pPR1NWTXA2ak14UjRpVVBrUHQxckdaSThVeFVUWTRGT3ZoS0VXeWxPSkVyak1BdklCNkJvdVVWczJOUWFrRjFmQkpWbTBxSTUwUDZPMkhXRzF0d0o1Mk1ENENWRERxTWpKM0ZHeUJ4Y1BVR0FlU01BTkFJcTBsbWQwTjRUZWRHWmQxY2JYdWVIdmJWbloteUh6blAybk8yRUVfOUdPcWVEQjdQcW82LUNxS0ZsN1pkTnR1S0k5WndBXzhiLTlDem9aaVhheC1qa2M0Y2JUSm8tWTVBdjVMdWpkalIwQ2dYM0QteDdKQ21JWDRzbXlVTy1wVi13TnFKT2htVVB5MmpHVDNWekpUb2E4M3dSa3hVWnJXZUY2STdoYlotZVR3RVpPUGxVTmlfNXROS1BKdGFLM1NMWUd1QmtEa2QzWjZhNjd6aTI3RUlUSVVxak1sdnNHTFh1NVJGa0MifQ

This problem only occurs on mobile devices. It cannot be reproduced on PC even with mobile device simulation This problem occurs on both Android and iOS devices. Test browsers include Safari, Chrome, Edge

[dankogai]

Your sample appears to be the result of Base64.decode() instead of Base64.encodeURL(). And it also appears to be used by some other framework. Would you try again with less complicated environment with clearer example? Would you also check the environment where this module is used, since that may be the cause of your problem instead of js-base64?

[nijinekoyo]

This is a minimal example using the vue3 framework that will print incorrect base64 on the page

<template>
    <div>
        {{ Base64.encodeURL(JSON.stringify(testData)) }}
    </div>
</template>

<script setup lang="ts">
import { Base64 } from 'js-base64';

let testData = {
    "captcha_id": "7229bda06297c38e1d5d43fcb154ff07",
    "lot_number": "dc1dbe209ad64b72a86d09f830a7c439",
    "pass_token": "e1a45d5d3c7201a59ee178138868cd5b38972b583fb5b0e7665ff00146fffb1e",
    "gen_time": "1726316639",
    "captcha_output": "JGE2dsn1dAz4XFoeOPS8O_ISPSM-usiVxL5L_MM4usM3chjlc3jDizP4hdQ9srwXoG3oDmnGpBwAvEx-l16XvAaEyx2V3bNo-GZ5H6reyHolX9ZeZmcg7xwaOE6xAb27gN0cLZkOGYhoeOYnQ4EmQYnAh2NZ0eb175QsgoZOGSVMp6jMxR4iUPkPt1rGZI8UxUTY4FOvhKEWylOJErjMAvIB6BouUVs2NQakF1fBJVm0qI50P6O2HWG1twJ52MD4CVDDqMjJ3FGyBxcPUGAeSMANAIq0lmd0N4TedGZd1cbXueHvbVnZ-yHznP2nO2EE_9GOqeDB7Pqo6-CqKFl7ZdNtuKI9ZwA_8b-9CzoZiXax-jkc4cbTJo-Y5Av5LujdjR0CgX3D-x7JCmIX4smyUO-pV-wNqJOhmUPy2jGT3VzJToa83wRkxUZrWeF6I7hbZ-eTwEZOPlUNi_5tNKPJtaK3SLYGuBkDkd3Z6a67zi27EITIUqjMlvsGLXu5RFkC"
}
</script>

[dankogai]

In your screen shot Alphabet is defined as A-Za-z0-9+/= which is a valid set of Base64 character, and an invalid Base 64 Encoding with URL and Filename Safe Alphabet. It is A-Za-z0-9\-_= that is correct (note \ is an escape char).

https://datatracker.ietf.org/doc/html/rfc4648#section-5

Would you try replacing the Alphabet definition and see what happens?

[nijinekoyo]

Oh sorry, I forgot to switch when I took the screenshot, but switching the character set has the same effect

[nijinekoyo]

I think I understand the cause of the problem. If the original text is base64 and there are _ or - characters, an incorrect result will be generated.