liquid icon indicating copy to clipboard operation
liquid copied to clipboard
verified publisher icon Shopify

Base64 URL Safe Implementation

Open microalps opened this issue 1 year ago • 4 comments

Base64 filters were added in Liquid 5.1 together with URL safe variants. There seems to be two variants out in the wild, and the question is can/should Liquid support both? base64_url_safe_decode supports both. base64_url_safe_encode does not.

  1. Ruby's implementation swaps + and / only
  2. Microsoft's implementations (Microsoft.IdentityModel.Tokens, System.Buffers.Text of .NET9) also remove the = padding.

RFC 4648

The pad character "=" is typically percent-encoded when used in an URI, but if the data length is known implicitly, this can be avoided by skipping the padding

Mozilla defines it as

A common variant is "Base64 URL safe", which omits the padding and replaces +/

Related to dotliquid#542

microalps avatar Dec 03 '24 16:12 microalps

@dinsley @gmalette Do you have any insight on this?

microalps avatar Dec 25 '24 03:12 microalps

I don't have insight on this

gmalette avatar Jan 06 '25 13:01 gmalette

Adding that even the documentation that Shopify is pointing to mentions the padding should be omitted.

https://github.com/Shopify/liquid/blob/2d0442798b5bf43e52a7e300727a646209eb32cc/lib/liquid/standardfilters.rb#L176

sebastienros avatar Feb 27 '25 00:02 sebastienros

I tried to create a PR to fix this issue

https://github.com/Shopify/liquid/pull/1921

sebastienros avatar Feb 27 '25 01:02 sebastienros