About Escaping Passwords in HTTP Basic Authentication URLs

When using HTTP Basic Authentication URLs, don't forget to escape the passwords, because they might include characters such as these /@:#?&=+, which could break the URL parsing or introduce exploitations for hackers:

from urllib.parse import quote_plus

encoded_password = quote_plus(PASSWORD)
ELASTICSEARCH_DSL = {
    "default": {
        "hosts": f"https://{USER}:{encoded_password}@{DOMAIN}",
    }
}

Tips and Tricks Programming Security Django 5.2 Django 4.2 Django 3.2 Python 3 Django Elasticsearch DSL