Not properly escaping URLs #68

Closed
newmana opened this Issue Nov 4, 2013 · 0 comments

Comments

Projects
None yet
1 participant

newmana commented Nov 4, 2013

We have a password with an @ sign in it and the erica client does not escape it correctly.

For example, trying to authenticate with (user: admin, password: @password:
http://admin:%40password@localhost:5984/

This gets encoded to the value for header 'Authorization':
'Basic YWRtaW46JTQwcGFzc3dvcmQ=' (decoded that's 'admin:%40password')

What it should do is decode to:
'Basic YWRtaW46QHBhc3N3b3Jk' (decoded that's 'admin@password')

An alternative would be to support having the username and password as separate values and then encoding them (where it's clear that @password should be escaped to %40password).

newmana closed this Jun 23, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment