Project

General

Profile

Actions

Feature #10740

closed

Base64 urlsafe methods are not urlsafe

Added by dragonsinth (Scott Blum) almost 10 years ago. Updated over 9 years ago.

Status:
Closed
Target version:
-
[ruby-core:67570]

Description

Base64.urlsafe_decode64 is not to spec, because it currently REQUIRES appropriate trailing '=' characters.
Base64.urlsafe_encode64 produces trailing '=' characters.

'=' is not web safe, and is not recommended for base64url. Some specs even disallow.

Suggested fix:

  # Returns the Base64-encoded version of +bin+.
  # This method complies with ``Base 64 Encoding with URL and Filename Safe
  # Alphabet'' in RFC 4648.
  # The alphabet uses '-' instead of '+' and '_' instead of '/'
  # and has no trailing pad characters.
  def urlsafe_encode64(bin)
    strict_encode64(bin).tr("+/", "-_").tr('=', '')
  end

  # Returns the Base64-decoded version of +str+.
  # This method complies with ``Base 64 Encoding with URL and Filename Safe
  # Alphabet'' in RFC 4648.
  # The alphabet uses '-' instead of '+' and '_' instead of '/'.
  # Trailing pad characters are optional.
  def urlsafe_decode64(str)
    str = str.tr("-_", "+/")
    str = str.ljust((str.length + 3) & ~3, '=')
    strict_decode64(str)
  end

Files

base64-urlsafe-encode64-search-result.txt (19.9 KB) base64-urlsafe-encode64-search-result.txt akr (Akira Tanaka), 01/14/2015 12:44 AM
urlsafe_base64.patch (2.97 KB) urlsafe_base64.patch mame (Yusuke Endoh), 01/16/2015 01:16 PM
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0