From: akr@... Date: 2015-01-14T00:44:46+00:00 Subject: [ruby-core:67573] [ruby-trunk - Bug #10740] Base64 urlsafe methods are not urlsafe Issue #10740 has been updated by Akira Tanaka. File base64-urlsafe-encode64-search-result.txt added I like this feature. (I think this issue is a feature, not a bug.) However I think the current behavior should be choosable for compatibility. I searched Base64.urlsafe_encode64 in gems: base64-urlsafe-encode64-search-result.txt Not all use removes "=". I guess some will have problem if we change the behavior. ---------------------------------------- Bug #10740: Base64 urlsafe methods are not urlsafe https://bugs.ruby-lang.org/issues/10740#change-50984 * Author: Scott Blum * Status: Open * Priority: Normal * Assignee: * ruby -v: ruby 2.1.3p242 (2014-09-19 revision 47630) [x86_64-darwin14.0] * Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN ---------------------------------------- Base64.urlsafe_decode64 is not to spec, because it currently REQUIRES appropriate trailing '=' characters. Base64.urlsafe_encode64 produces trailing '=' characters. '=' is not web safe, and is not recommended for base64url. Some specs even disallow. Suggested fix: ~~~ # Returns the Base64-encoded version of +bin+. # This method complies with ``Base 64 Encoding with URL and Filename Safe # Alphabet'' in RFC 4648. # The alphabet uses '-' instead of '+' and '_' instead of '/' # and has no trailing pad characters. def urlsafe_encode64(bin) strict_encode64(bin).tr("+/", "-_").tr('=', '') end # Returns the Base64-decoded version of +str+. # This method complies with ``Base 64 Encoding with URL and Filename Safe # Alphabet'' in RFC 4648. # The alphabet uses '-' instead of '+' and '_' instead of '/'. # Trailing pad characters are optional. def urlsafe_decode64(str) str = str.tr("-_", "+/") str = str.ljust((str.length + 3) & ~3, '=') strict_decode64(str) end ~~~ ---Files-------------------------------- base64-urlsafe-encode64-search-result.txt (19.9 KB) -- https://bugs.ruby-lang.org/