Skip to content

net/url: add URL.Redacted to return password-free string #34855

New issue
New issue
Closed
Closed
net/url: add URL.Redacted to return password-free string#34855
Labels
FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.ProposalProposal-Accepted
Milestone
Go1.15
@nrxr

Description

@nrxr
nrxr
opened on Oct 11, 2019

Hiding the password from an URL is very useful for logging purposes. I have seen in the past code for doing this (or just plain passwords in logs). I built a small helper for this and I use it in my projects but I think it makes sense to have it in the standard library.

I wrote a small PR for this #34686 with the code (and test suite) for this feature.

It's a simple derivation from URL.String() that masks the password if exists from the string being passed. It makes no modification at all to the URL itself but to a copy of it. URL.Redacted() is just filtering passwords out of URL.String().

For example https://user@host.tld would be https://user@host.tld but https://user:password@host.tld would be https://user:xxxxx@host.tld. Making obvious that a password has been masked is good for visual-debugging purposes, so it's known a password is being passed in the URL.

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.ProposalProposal-Accepted

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions