this post was submitted on 19 Jan 2026
352 points (98.9% liked)

Programmer Humor

28805 readers
377 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
352
Mo Validation Mo Problems (lemmy.world)
submitted 1 week ago* (last edited 5 days ago) by qaz@lemmy.world to c/programmer_humor@programming.dev
68 comments fedilink hide all child comments
 

...

you are viewing a single comment's thread
view the rest of the comments
[–] protogen420@lemmy.blahaj.zone 16 points 1 week ago* (last edited 6 days ago) (3 children)

and when the rule is also wrong example: password must contain special charcters

the password in question contained : and ^

if those aren't special characters idk what is

[–] sus@programming.dev 13 points 6 days ago* (last edited 6 days ago) (2 children)

maybe they were looking for extra special characters like πŸ„ or βΆΈ. Who am I kidding, RFC 1738 tells us that literally everything is unsafe and you know, we need to prepare for the inevitable occasion when the password somehow ends up inside an URL.

The characters "<" and ">" are unsafe because they are used as the delimiters around URLs in free text;
the quote mark (""") is used to delimit URLs in some systems.
The character "#" is unsafe
The character "%" is unsafe

It ends up with

Thus, only alphanumerics, the special characters
$ - _ . + ! * ' ( ) ,
are safe

[–] planish@sh.itjust.works 5 points 5 days ago (1 children)

If the password is going in URLs you already have a problem.

[–] Quibblekrust@thelemmy.club 1 points 2 days ago (1 children)

It's safe for https.

[–] planish@sh.itjust.works 1 points 1 day ago (1 children)

In terms of the transport, sure.

But if you put the password in a URL, the user's browser is going to turn around and store that plaintext password in its history, then sync it to the user's other devices, and then pop it up on their screen in the address bar autocomplete, perhaps when the user is screen sharing or streaming to hundreds of people. The browser does not expect a password to be stored there and will mishandle it.

[–] Quibblekrust@thelemmy.club 2 points 1 day ago

Nah, if you type a password in a url, it gets turned into asterisks. Look: https://google.com/?password********************

[–] protogen420@lemmy.blahaj.zone 5 points 6 days ago (1 children)

I am going put null on my password and you aren't stopping me

[–] Baizey@feddit.dk 2 points 5 days ago

Also [object Object] is always a classic to mess with any js

[–] fibojoly@sh.itjust.works 7 points 6 days ago

I never get bored of discovering yet another software that gets broken because someome put a dollar sign in their password...

[–] bestboyfriendintheworld@sh.itjust.works 1 points 6 days ago (1 children)

Often only a few special characters are accepted. Punctuation yes, emoji no.

[–] topherclay@lemmy.world 2 points 5 days ago

"Punctuation yes, emoji no" sounds like something a grade school teacher would have embroidered on a throw pillow.