-3

I have a URL string like this:

https://abc.abc.com/appp.WApi/api/v1/endpoint/picklist/?password=mypassword&username=myuser

I want to filter out the password and replace it: https://abc.abc.com/appp.WApi/api/v1/endpoint/picklist/?password=PLACEHOLDER&username=myuser

How can I do this with regular expressions?

I tried to do this: replace(/password=*&/, 'PLACEHOLDER');

and this:

replace(/password=(.+)&/, 'PLACEHOLDER');

but it did not work

user1261710
  • Well, first what have you tried? – Lloyd Sep 25 '17 at 15:41
  • Off topic, you have decent rep; you should know how to post questions. – SamHoque Sep 25 '17 at 15:42
  • Why do you need regular expressions? It looks like a simple string replacement should do the trick. – Quentin Sep 25 '17 at 15:42
  • Possible duplicate of [Change URL parameters](https://stackoverflow.com/questions/1090948/change-url-parameters) – SubjectDelta Sep 25 '17 at 15:42
  • What research have you done? The amount you've demonstrated in the question makes this look like a "Do this work for me" problem. – Quentin Sep 25 '17 at 15:44
  • 1
    Surprised no-one's asked the question "why is there a password in your URL?" – Andy Sep 25 '17 at 15:48
  • 1
    It is usually best to send credentials over a POST request instead of a GET. 2 reasons I can think of: 1) The password can be stored in server logs on the GET request. 2) The password will be shown in the URL address bar and anyone that physically looks at the user's computer will see it as well (I assume you are trying to prevent this at least). Oh, and also use SSL – Andrew Lohr Sep 25 '17 at 16:19

2 Answers

2

The regex for this would be password=(.+?)&. This assumes you have URL-encoded the password, and a simple JS replace on the URL should fix it...

However, if you're sending passwords in a GET request I think you might have bigger problems...

James Harrington
0

This is the regular expression that works:

url.replace(/password=(.*?)&/g, 'password=PLACEHOLDER&')
user1261710
  • Just a heads up, this will match a blank password and the one I submitted will only match if the password has a length of 1 or more. Hence the difference in the + and the * quantifier. – James Harrington Oct 02 '17 at 16:57
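Added example, not part of the original posts: a redaction helper for scrubbing URLs before they reach logs or error messages. It handles the cases the regexes above miss (password as the last parameter, an empty value, a trailing #fragment). The function names and the SENSITIVE_KEYS list are assumptions made for illustration.

```javascript
// Parameter names treated as secrets (assumed list; extend for your application).
const SENSITIVE_KEYS = new Set(['password', 'passwd', 'pwd', 'token']);

// Regex approach. The key is anchored to '?' or '&' so it only matches a whole
// parameter name, and the value stops at the next '&' or '#', so no trailing '&'
// is required and an empty value is still replaced.
function redactWithRegex(url, placeholder = 'PLACEHOLDER') {
  // A replacer function avoids '$' in the placeholder being read as a group reference.
  return url.replace(/([?&]password=)[^&#]*/gi, (_, prefix) => prefix + placeholder);
}

// Parser approach. URL/URLSearchParams split the query for us, so position,
// percent-encoding and fragments need no special handling. Note that the query
// string is re-serialized, so encoding of other parameters may be normalized.
function redactWithParser(url, placeholder = 'PLACEHOLDER') {
  let u;
  try {
    u = new URL(url);
  } catch {
    // Not an absolute URL (e.g. '/api?password=x'): fall back to the regex.
    return redactWithRegex(url, placeholder);
  }
  // Snapshot the key names first so we do not modify the list while iterating it.
  for (const key of new Set(u.searchParams.keys())) {
    if (SENSITIVE_KEYS.has(key.toLowerCase())) {
      u.searchParams.set(key, placeholder); // also collapses duplicate keys
    }
  }
  return u.toString();
}

// Constructed sample inputs based on the URL in the question.
const samples = [
  'https://abc.abc.com/appp.WApi/api/v1/endpoint/picklist/?password=mypassword&username=myuser',
  'https://abc.abc.com/appp.WApi/api/v1/endpoint/picklist/?username=myuser&password=mypassword',
  'https://abc.abc.com/appp.WApi/api/v1/endpoint/picklist/?password=&username=myuser',
  'https://abc.abc.com/appp.WApi/api/v1/endpoint/picklist/?password=a%26b#top',
];
for (const s of samples) {
  console.log(redactWithParser(s));
}
```

Redaction like this only limits what ends up in application logs; the credential has still travelled in the request line, which is the concern raised in the comments.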