querystringsafe-base64
Advanced tools
Encoding and decoding arbitrary strings into strings that are safe to put into a URL query param.
.. image:: https://travis-ci.org/ClearcodeHQ/querystringsafe_base64.svg?branch=v1.2.0 :target: https://travis-ci.org/ClearcodeHQ/querystringsafe_base64 :alt: Tests
.. image:: https://coveralls.io/repos/ClearcodeHQ/querystringsafe_base64/badge.png?branch=v1.2.0 :target: https://coveralls.io/r/ClearcodeHQ/querystringsafe_base64?branch=v1.2.0 :alt: Coverage Status
Encoding and decoding arbitrary strings into strings that are safe to put into a URL query param.
urlsafe_b64encode and urlsafe_b64decode from base64 are not enough because they leave = used for padding chars unquoted:
.. code-block:: python
import base64
base64.urlsafe_b64encode('a')
'YQ=='
And there are 2 problems with that
I. = sign gets quoted:
.. code-block:: python
import urllib
urllib.quote('=')
'%3D'
II. Some libraries tolerate the = in query string values:
.. code-block:: python
from urlparse import urlsplit, parse_qs
parse_qs(urlsplit('http://aaa.com/asa?q=AAAA=BBBB=CCCC').query)
{'q': ['AAAA=BBBB=CCCC']}
but the RFC 3986 underspecifies the query string so we cannot rely on = chars being handled by all web applications as it is done by urlparse.
Therefore we consider chars: ['+', '/', '='] unsafe and we replace them with ['-', '_', '.'].
Characters + and / are already handled by urlsafe_* functions from base64 so only = is left.
Since the = is used exclusively for padding, we simply remove it, and re-attach the padding during decoding.
Because of that, querystringsafe_base64 is able to decode padded and unpadded string.
.. code-block:: python
import querystringsafe_base64
querystringsafe_base64.encode(b'foo-bar')
b'Zm9vLWJhcg'
querystringsafe_base64.decode(b'Zm9vLWJhcg..')
b'foo-bar'
querystringsafe_base64.decode(b'Zm9vLWJhcg')
b'foo-bar'
FAQs
Encoding and decoding arbitrary strings into strings that are safe to put into a URL query param.
We found that querystringsafe-base64 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
AGENTS.md is a fast-growing open format giving AI coding agents a shared, predictable way to understand project setup, style, and workflows.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.