empty query parameter always normalised to "val=", even when originally without "="

Options
Hraban
Hraban
Community Member
in Mac

Hi all,

When a login URL has an empty query parameter, without equals sign ("="), the "open & fill" feature will always add an = sign. This breaks the spec (rfc3986 section 3.4 , which considers the query an opaque string, and rfc2616 which doesn't make an exception for this in URI equality matching), and it breaks at least one website I use.

Reproduce:

  1. create a login, user X password Y, url: https://example.com/?myparam
  2. click open & fill on that URL
  3. see yourself being redirected to https://example.com?myparam=

notice the extra = at the end.

It seems 1password is parsing the URL including parsing the querystring to add their "onepasswdfill" parameter, then reserialising. Unfortunately, their internal query string parse tree does not appear to disambiguate between parameters without = and those with.

Unrequested tip: I happen to do exactly this in at work (adding query params to existing URLs), and the most reliable, standards compliant way I've found of doing this, is also the ugliest: separator = url.has('?') ? '&' : '?'; url += separator + 'onepasswdfill=...'. It's ugly, but it is simple, doesn't require parsing anything and keeps the original URL intact. But that's completely up to you, of course.

Kind regards and thanks for the app,

Hraban

Comments

  • Lars
    Lars
    1Password Alumni
    Options

    Welcome to the forum, @Hraban! I'm sorry for the trouble, and thanks for such a detailed report. Unfortunately, I'm not able to reproduce that issue here. Using Safari, Chrome and Vivaldi, with a URL of https://example.com/?myparam and "dummy" data for user and password, I don't see an extra = being appended in any of the browsers after using Open & Fill. Am I missing something? What version of 1Password are you using, and on what version of macOS (and what browser(s)?)

  • Hraban
    Hraban
    Community Member
    Options

    Ah I should have mentioned I'm using FF (v65) with the official 1p plugin (v4.7.3.90). System wide 1p is v7.2.5. Mac mojave but I've had this bug since at least when I signed up a year ago.

  • Hraban
    Hraban
    Community Member
    Options

    Ha.. I just tried it on a different laptop with the same OS, browser etc, and it works fine here. This one never uses that intermediate URL with the "onepasswdfill=..." parameter, at all. I'll investigate further when I get back home.

  • Lars
    Lars
    1Password Alumni
    Options

    @Hraban - sounds good; let us know what you discover. :) :+1:

This discussion has been closed.