-1

When using Python urlparse on this URL i get this error

urlparse("https://a:=?@1.2.3.4:123").port

---------------------------------------------------------------------------
ValueError                                Traceback (most recent call last)
<ipython-input-95-4f5e20527e52> in <module>
----> 1 urlparse("https://a:=?@1.2.3.4:123").port

~/.pyenv/versions/3.7.8/lib/python3.7/urllib/parse.py in port(self)
    167         port = self._hostinfo[1]
    168         if port is not None:
--> 169             port = int(port, 10)
    170             if not ( 0 <= port <= 65535):
    171                 raise ValueError("Port out of range 0-65535")

ValueError: invalid literal for int() with base 10: '='

Is =? not legal chars in the basic password or is the urlparse implementation incorrect?

Amir Rossert
  • 1,003
  • 2
  • 13
  • 33
  • 2
    Isn't it the first `:` that is messing up the parsing? The parser is trying to parse `=?@1.2.3.4:123` as a port. – khelwood Oct 04 '21 at 08:27
  • The `?` indicated the beginning of a query string in the URL. You should URL-encode it: `%hex_value`. – Klaus D. Oct 04 '21 at 08:29
  • @khelwood the `:` is for the `user:pass` format. – Amir Rossert Oct 04 '21 at 08:31
  • @KlausD. I have all the URL as a string, should I encode all of it? – Amir Rossert Oct 04 '21 at 08:33
  • Does this answer your question? [How to pass special character in URL in windows authentication?](https://stackoverflow.com/questions/49899423/how-to-pass-special-character-in-url-in-windows-authentication) – KiraLT Oct 04 '21 at 08:39

2 Answers2

2

If the user and password field contain any ":", "@", or "/" characters, that must be encoded. See the explanation in rfc1738(Common Internet Scheme Syntax)

>>> import urllib.parse
>>>
>>> r = urllib.parse.urlparse("https://a:=%3F@1.2.3.4:123")
>>> print(r)
ParseResult(scheme='https', netloc='a:=%3F@1.2.3.4:123', path='', params='', query='', fragment='')
>>> print(r.port)
123
Abdul Niyas P M
  • 18,035
  • 2
  • 25
  • 46
  • Thanks for the reply but in my example, the password does not contain any of ":" "@" or "/", it seems that the "?" in the password causing the issue. – Amir Rossert Oct 04 '21 at 19:26
0

Passing the user/pass as part of the url will not work in most of the major browsers (FF, Safari, IE, Chrome etc).

The reason for that is that it's not secure to pass credentials as clear-text (part of the URL).

For more reading see section 4.1 of this RFC

You may also be interested in reading the following:

Nir Alfasi
  • 53,191
  • 11
  • 86
  • 129