davecheney / httpstat

It's like curl -v, with colours.
MIT License
6.96k stars 382 forks

Add some missing format strings #70

Closed imarko closed 7 years ago

imarko commented 7 years ago

Without these we'd use header values as format strings and get bogus output if a header has % characters. For example, the Set-Cookie header in httpstat https://twitter.com/

freeformz commented 7 years ago

AFAICT, based on the docs, which have examples like color.Cyan("Prints text in cyan."), this isn't needed. Or does a linter complain?

imarko commented 7 years ago

@freeformz color.Cyan acts like Printf, so it works OK with a literal like that, which doesn't have any % format specifiers, but HTTP headers often have % characters, which are interpreted as format specifiers. For example:

httpstat https://twitter.com/ | grep Set-Cookie
Set-Cookie: fm=0; Expires=Mon, 26 Sep 2016 17:51:51 UTC; Path=/; Domain=.twitter.com; Secure; HTTPOnly,_twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%!A(MISSING)SGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCK7%!F(MISSING)n2dXAToMY3NyZl9p%!A(MISSING)ZCIlMjQ5NDdjYjAwNTllNGNhODE1MDU1N2YyMzZmMTg1OGI6B2lkIiU1MTZh%!A(MISSING)ZWJhNDdmYzQ3MGQwOTQyZjFlYWRiZmZkYTMyZQ%!D(MISSING)%!D(MISSING)--06268c349ea2e282640469e3c8b3cfb9a9fed7ad; Path=/; Domain=.twitter.com; Secure; HTTPOnly,guest_id=v1%!A(MISSING)147491232145252821; Domain=.twitter.com; Path=/; Expires=Wed, 26-Sep-2018 17:52:01 UTC

Note the MISSING strings in the output.

freeformz commented 7 years ago

@imarko Ahh my bad, that makes sense. Thanks for the clarification.

davecheney commented 7 years ago

Wow, what an API footgun. Thanks for spotting that.
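
The behaviour discussed in this thread, as an added example that is not code from this pull request or from httpstat: a server-controlled header value passed as the format string of a Printf-style function, next to the form that passes it as an argument. The names `formatter`, `headerLineBefore`, `headerLineAfter`, `intact` and the sample cookie value are assumptions made for illustration, and `fmt.Sprintf` stands in for the Printf-style colour helper.

```go
package main

import (
	"fmt"
	"strings"
)

// formatter is any Printf-style function (hypothetical type for this example);
// fmt.Sprintf is used below as a stand-in for a Printf-style colour helper.
type formatter func(format string, a ...interface{}) string

// sampleValue is a constructed cookie value containing a percent-encoded ':'.
const sampleValue = "guest_id=v1%3A147; Path=/"

// headerLineBefore passes remote data as the format string, so "%3A" is
// parsed as width 3, verb 'A', with no matching argument.
func headerLineBefore(f formatter, name, value string) string {
	return f(name + ": " + value)
}

// headerLineAfter keeps the format string constant and passes the header
// name and value as arguments, so their bytes are never parsed as verbs.
func headerLineAfter(f formatter, name, value string) string {
	return f("%s: %s", name, value)
}

// intact reports whether the rendered line still carries the value verbatim,
// a simple regression check for output that echoes untrusted data.
func intact(line, value string) bool {
	return strings.Contains(line, value)
}

func main() {
	before := headerLineBefore(fmt.Sprintf, "Set-Cookie", sampleValue)
	after := headerLineAfter(fmt.Sprintf, "Set-Cookie", sampleValue)
	fmt.Println(before, "| intact:", intact(before, sampleValue))
	fmt.Println(after, "| intact:", intact(after, sampleValue))
}
```
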