Ok, but this is a problem that can be solved with a tiny patch that won't break anything: disallow HTTP basic auth embedded in URLs if any character codepoint is > 127. Require a pop up to enter the user/pass or just give an error about an invalid URL.
Unicode characters here should definitely need to be explicitly encoded as base64 for the Authorization header.
Anyone who *needs* this to work with Unicode characters can piss off. I'm willing to bet the RFCs don't have any MUST or SHOULD that mention non-ASCII characters be allowed here.
Tada, we fixed it and everyone can put down their keyboards and stop crying about new TLDs
feld /
npub1yc…gujmw
2023-06-08 03:32:35
in reply to nevent1q…chgl
Author Public Key
npub1yck44z5zqxmwpqzqs75ay6ffjdw843ng9p6mz0lzfff3fgz2djlsngujmwPublished at
2023-06-08 03:32:35Event JSON
{
"id": "2c1337f34fa0d4b26eb1229d779b0b1ecd6e346cd7b070dc80151570d2219b4a",
"pubkey": "262d5a8a8201b6e0804087a9d26929935c7ac6682875b13fe24a5314a04a6cbf",
"created_at": 1686195155,
"kind": 1,
"tags": [
[
"p",
"17a7420b1d701ba7be4b9246bee8637afee74e53a36326932e6330132b17e553",
"wss://relay.mostr.pub"
],
[
"e",
"3dd5f01f2a64c18dc845210b7f181dc2592585933d6e5be4e5b25a78dbc96ace",
"wss://relay.mostr.pub",
"reply"
],
[
"mostr",
"https://bikeshed.party/objects/26f8fa78-1ce9-421b-aac7-49934dc6eefa"
]
],
"content": "Ok, but this is a problem that can be solved with a tiny patch that won't break anything: disallow HTTP basic auth embedded in URLs if any character codepoint is \u003e 127. Require a pop up to enter the user/pass or just give an error about an invalid URL.\n\nUnicode characters here should definitely need to be explicitly encoded as base64 for the Authorization header.\n\nAnyone who *needs* this to work with Unicode characters can piss off. I'm willing to bet the RFCs don't have any MUST or SHOULD that mention non-ASCII characters be allowed here.\n\nTada, we fixed it and everyone can put down their keyboards and stop crying about new TLDs",
"sig": "482b1b95eecb484733dc9a25f88660e77ed922c027352afbc22b8790db91848c312cdeba45ec49ff782a36fd4aa6c45ead7e0a95652b70a25048892e85b7f317"
}