Geek Answers Handbook

What replacements must be made to provide a secure base 64 URL?

Looking for 64-bit URL encoding, I found this to be a very non-standard thing. Despite the abundance of built-in functions that PHP has, there is no URL for encoding with encoding. On the base64_encode() page for base64_encode() most comments suggest using this function wrapped in strtr() :

 function base64_url_encode($input) { return strtr(base64_encode($input), '+/=', '-_,'); }

The only Perl module I could find in this area is MIME :: Base64 :: URLSafe ( source ), which performs an internal replacement:

 sub encode ($) { my $data = encode_base64($_[0], ''); $data =~ tr|+/=|\-_|d; return $data; }

Unlike the PHP function above, this version of Perl completely discards the '=' (equals) character, rather than replacing it with a ',' (comma), as PHP does. Equals is a complementary symbol, so the Perl module replaces them as needed when decoding, but this difference makes these two implementations incompatible.

Finally, the Python function urlsafe_b64encode (s) supports the addition of '=', prompting someone to put this function in order to remove the indentation that appears noticeably in the Google results for 'python base64 url ​​safe' :

 from base64 import urlsafe_b64encode, urlsafe_b64decode def uri_b64encode(s): return urlsafe_b64encode(s).strip('=') def uri_b64decode(s): return urlsafe_b64decode(s + '=' * (4 - len(s) % 4))

The desire here is to have a string that can be included in the URL without further encoding, hence the groove or translation of the characters "+", "/" and "=". Since there is no specific standard , what is the right way?

+6
url php encoding perl base64
source share
5 answers

There seems to be a standard, this is RFC 3548 , Section 4, Base 64 Encoding with URL and File Name Safe Alphabet:

This encoding is technically identical to the previous one, with the exception of the 62: nd and 63: rd alphabetical characters, as specified in table 2.

+ and / should be replaced by - (minus) and _ (understrike) respectively. Any incompatible libraries must be wrapped to comply with RFC 3548.

Please note that this requires the URL to be encoded with the characters (pad) = , but I prefer over the URL encoding of the + and / characters from the standard base64 alphabet.

+9
source share

I do not think this is right or wrong. But the most popular encoding is

 '+/=' => '-_.'

It is widely used by Google, Yahoo (they call it Y64). The most reliable version of the encoders I've used in Java, Ruby supports this character set.

+8
source share

I would suggest running base64_encode output via urlencode. For example:

 function base64_encode_url( $str ) { return urlencode( base64_encode( $str ) ); }
+2
source share

If you ask about the correct path, I would go with the correct URL encoding, rather than arbitrary character substitution. Base64 encodes your data first, and then encodes special characters, such as "=", with proper URL encoding (ie %<code> ).

+1
source share

Why don't you try wrapping it in urlencode() ? The documentation is here.

0
source share

More articles: