search

medialize / URI.js

Javascript URL mutation library
http://medialize.github.io/URI.js/
MIT License
6.26k stars 475 forks source link

URI cannot parse passphrase password #152

Closed garrensmith closed 10 years ago

garrensmith commented 10 years ago

Hi,

If I have a url like this: https://scooby:doo bee doooo-oo!@#$%^&()-000@ten-eleven.com Where the username is scooby and the password is doo bee doooo-oo!@#$%^&()-000 URL does not pass this password correctly and returns the password as doo bee doooo-oo!

This password is ridiculous but people do put @ in their passwords along with any of the other possible values in.

Cheers Garren

rodneyrehm commented 10 years ago

The problem here is not the @. It's the # denoting the beginning of the fragment. If you remove that, the parser will trip over % because %^ is not a valid percent-encoding sequence.

The DOM URL will simply fail to parse:

new URL('https://scooby:doo bee doooo-oo!@#$%^&()-000@ten-eleven.com')
// SyntaxError: Failed to construct 'URL': Invalid URL

I've always tried to keep URI a best-guess parser, something that won't fail instead of inferring the meaning of a malformed character sequence… But looking at your example, a strict parsing might make more sense.

garrensmith commented 10 years ago

Ok cool. Thanks for the explanation.