and when the rule is also wrong
example:
password must contain special charcters
the password contained : and ^ if those aren’t special characters idk what is
maybe they were looking for extra special characters like 🁄 or ⶸ. Who am I kidding, RFC 1738 tells us that literally everything is unsafe and you know, we need to prepare for the inevitable occasion when the password somehow ends up inside an URL.
The characters “<” and “>” are unsafe because they are used as the delimiters around URLs in free text;
the quote mark (“”") is used to delimit URLs in some systems.
The character “#” is unsafe
The character “%” is unsafe
It ends up with
Thus, only alphanumerics, the special characters
$ - _ . + ! * ’ ( ) ,
are safe
and when the rule is also wrong example: password must contain special charcters the password contained : and ^ if those aren’t special characters idk what is
maybe they were looking for extra special characters like 🁄 or ⶸ. Who am I kidding, RFC 1738 tells us that literally everything is unsafe and you know, we need to prepare for the inevitable occasion when the password somehow ends up inside an URL.
It ends up with