[ python-Bugs-1661108 ] base64.urlsafe_b64encode() shouldn't use the = character

SourceForge.net noreply at sourceforge.net
Sat Feb 17 08:32:16 CET 2007


Bugs item #1661108, was opened at 2007-02-16 03:11
Message generated for change (Comment added) made by ryanbarrett
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1661108&group_id=5470

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Library
Group: Python 2.6
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Ryan Barrett (ryanbarrett)
Assigned to: Nobody/Anonymous (nobody)
Summary: base64.urlsafe_b64encode() shouldn't use the = character

Initial Comment:
base64.urlsafe_b64encode() almost always returns strings that include the = character. this may be ok before the ? in a URL, but it's not OK after.

it would be nice if it substituted another character for =, like it does for + and /. if this is intentional, though, and you don't want to substitute for =, the documentation should probably be changed to note that it's only safe for use before the ?. (it doesn't include that caveat now.)

http://docs.python.org/lib/module-base64.html#l2h-1592

----------------------------------------------------------------------

>Comment By: Ryan Barrett (ryanbarrett)
Date: 2007-02-17 07:32

Message:
Logged In: YES 
user_id=751286
Originator: YES

i talked to harald alvestrand, and he made the good point that the =
character is only problematic in URL parameter names. it's ok, if unusual,
in parameter values, since the & character is used at the end the value.

apart from that, though, he didn't sound like this would be a priority for
the IETF to address. unfortunate, but understandable. :P

so, the resolution here might just be to update the base64 documentation
to say that urlsafe_b64encode's output may include the = character. another
option would be to change the code to use different character for padding,
which would be nicer, but wouldn't follow the spec. up to you.

----------------------------------------------------------------------

Comment By: Ryan Barrett (ryanbarrett)
Date: 2007-02-16 18:10

Message:
Logged In: YES 
user_id=751286
Originator: YES

after more investigation, RFC3548 does say to use the = character for
padding even in the URL-safe alphabet. weird.

so, it looks like the base64 module is just following the spec, and it's
the spec that (seems) broken. sigh.

i'm off to try to figure out why RFC3548 says = is ok in URLs...

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1661108&group_id=5470


More information about the Python-bugs-list mailing list