Skip to content

fix: handle @ symbols in URL credentials per RFC 3986 (#657)#803

Merged
benoitc merged 1 commit intomasterfrom
fix/url-at-in-credentials
Jan 18, 2026
Merged

fix: handle @ symbols in URL credentials per RFC 3986 (#657)#803
benoitc merged 1 commit intomasterfrom
fix/url-at-in-credentials

Conversation

@benoitc
Copy link
Owner

@benoitc benoitc commented Jan 18, 2026

Summary

  • Fixes parsing of URLs with @ characters in username or password
  • Per RFC 3986, userinfo ends at the LAST @ before the host
  • Example: https://user@domain.com:p@ssword@host.com/path now correctly parses as:
    • user: user@domain.com
    • password: p@ssword
    • host: host.com

Fixes #657

The userinfo in a URL ends at the LAST @ symbol before the host, not the
first. This allows usernames and passwords to contain @ characters.

Example: https://user@domain.com:p@ssword@host.com/path
- userinfo: user@domain.com:p@ssword
- host: host.com

The fix uses binary:split with [global] to find all @ symbols, then takes
the last part as the netloc and rejoins the rest as credentials.
@benoitc benoitc merged commit 8b0e6b7 into master Jan 18, 2026
2 of 5 checks passed
@benoitc benoitc deleted the fix/url-at-in-credentials branch January 18, 2026 23:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

hackney_url:parse_url/1 raises an exception on a technically valid edge case

1 participant