Closed RevolutionTech closed 7 years ago
Hey @RevolutionTech, just ended up choosing a different email regex that seems to handle this case better so as not to send malformed emails over to haveibeenpwned.com. Let me know if this didn't work for any reason.
The request made to haveibeenpwned directly concatenates the provided email to the rest of the URL: https://github.com/icanhasfay/PyPwned/blob/26295d2273262b040cbaffc4fe021aef2878be33/pypwned/__init__.py#L28
Usually this is fine, but if a special character such as
#
starts the email, this can cause some issues. In the case of#
, a "Not Found" HTML webpage is returned (but with a 200 status code) and sopypwned
tries to call.json()
on this page, resulting in aJSONDecodeError
.I believe that you should be able to fix this problem either by disallowing emails that start with an invalid character (such as
#
) in the regex ingetAllBreachesForAccount()
or by passing the provided email throughurllib.quote_plus
.