-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
URL.build doesn't url encode credentials #156
Comments
(FTR: hyperlink only forbids |
OK so I believe the bug is rather that yarl doesn’t url encode credentials: >>> str(yarl.URL.build(
... scheme="http", host="localhost",
... user="u?er", # won't be encoded
... password="pass[word", # won't be encoded
... path="[?" # gets encoded
... ))
'http://u?er:pass[word@localhost/%5B%3F' |
Some clue from RFC: https://tools.ietf.org/html/rfc3986#section-3.2.1
https://tools.ietf.org/html/rfc3986#section-2.3
https://tools.ietf.org/html/rfc3986#section-2.1
https://tools.ietf.org/html/rfc3986#section-2.2
|
So. |
Yeah current workaround is simply |
@socketpair yeah, as per https://twitter.com/webKnjaZ/status/951789259631087616 |
(just to be clear: I ran into my original bug because I tried to parse an URL that I've created using URL.build() :)) |
Still, there's an ambiguity in how to detect whether it needs quoting. The only way to solve this is to introduce additional method like |
The same argument could be made about the path argument which seems to be…smart?
|
@hynek and this is also a bug. how would it know whether I want it double encoded? |
Magic is harmful: explicit is better, than implicit. |
I’m not arguing for either; I’m just pointing out current behaviour. |
Just sharing my opinion explicitly :) |
|
Yay :) |
EDIT the bug described here is just a consequence of the bug described below.
Currently square brackets in the username or the password lead to the URL being interpreted as an IPv6 address:
Sadly, the error seems to come from the stdlib tho:
The text was updated successfully, but these errors were encountered: