Hi
On 4/29/25 10:54, ignace nyamagana butera wrote:
I have one last question while reviewing my polyfill implementation. Is it
worth it adding a SensitiveParameter attribute on the argument of the
following methods ?
- Uri\Rfc3986\Uri::withUserInfo
- Uri\WhatWg\Url::withPassword
I'm fine with any answer ? Does it warrant a paragraph in the RFC ? That I
do not know but I feel the question may be raised ?
Good catch. Since they may throw an exception for malformed inputs, they
should have the attribute. Especially since folks might try to use
special characters in passwords, which might need encoding.
No paragraph in the RFC needed, but the attribute should be added to the
“stub”.
Best regards
Tim Düsterhus
