-
-
Notifications
You must be signed in to change notification settings - Fork 315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
email_url
uses unquote_plus
which breaks values with +
in them
#388
Comments
awbacker
changed the title
May 6, 2022
email_url
uses unquote_plus
which breaks paswords/usernames with +
in thememail_url
uses unquote_plus
which breaks values with +
in them
I ended up with this code, just for reference:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When using
email_url
, if your username or password includes a+
then the function will unquote it (change it to a space), breaking the value.AWS SES passwords can and do have
+
in them.I think
email_url
should be updated to unescape only classic%
escaping viaunquote()
, or to abandon unescaping altogether.No escaping actually has to be done, since
urlparse
does not care about the values. If you have a space in your username it will happily let you put it in the url.This is of course subjective, and when dealing with URIs here I don't think there is always a correct answer. It may depend on where you get your settings from.
An alternative would be to raise an error if one of those conditions was found (space, + or % in the u/p) and instruct the user to pass in an unquote function of their liking or
none
to just take it as is.The
The text was updated successfully, but these errors were encountered: