this post was submitted on 19 Jan 2026
395 points (99.7% liked)

Programmer Humor

29741 readers
2031 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
395
Mo Validation Mo Problems (infosec.pub)
submitted 3 weeks ago* (last edited 3 weeks ago) by qaz@lemmy.world to c/programmer_humor@programming.dev
58 comments fedilink hide all child comments
 

...

you are viewing a single comment's thread
view the rest of the comments
[–] sus@programming.dev 12 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

maybe they were looking for extra special characters like πŸ„ or βΆΈ. Who am I kidding, RFC 1738 tells us that literally everything is unsafe and you know, we need to prepare for the inevitable occasion when the password somehow ends up inside an URL.

The characters "<" and ">" are unsafe because they are used as the delimiters around URLs in free text;
the quote mark (""") is used to delimit URLs in some systems.
The character "#" is unsafe
The character "%" is unsafe

It ends up with

Thus, only alphanumerics, the special characters
$ - _ . + ! * ' ( ) ,
are safe

[–] protogen420@lemmy.blahaj.zone 5 points 3 weeks ago (1 children)

I am going put null on my password and you aren't stopping me

[–] Baizey@feddit.dk 2 points 3 weeks ago

Also [object Object] is always a classic to mess with any js

[–] planish@sh.itjust.works 5 points 3 weeks ago

If the password is going in URLs you already have a problem.