Home/ Questions/Q 1009905
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T09:00:00+00:00

I’m trying to understand what the input requirements are for base64 encoding. Nicholas Zakas,

  • 0

I’m trying to understand what the input requirements are for base64 encoding. Nicholas Zakas, who I have tremendous respect for has an article here where he quotes a specification that an error should be thrown if input contains any character with a code higher than 255 Zakas Article on base64

Before even attempting to base64 encode a string, you should check to see if the string contains only ASCII characters. Since base64 encoding requires eight bits per input character, any character with a code higher than 255 cannot be accurately represented. The specification indicates that an error should be thrown in this case:

if (/([^\u0000-\u00ff])/.test(text)){
        throw new Error("Can't base64 encode non-ASCII characters.");
    }

He provides a link in another separate part of the article to the RFC 3548 but I don’t see any input requirements other than:

Implementations MUST reject the encoding if it contains characters
outside the base alphabet when interpreting base encoded data, unless
the specification referring to this document explicitly states
otherwise.

Not sure what "base alphabet" means but perhaps this is what Zakas is referring to. But by saying they must reject the encoding it seems to imply that this is something that has already been encoded as opposed to the input (of course if the input is invalid it will also show up in the encoding so perhaps the point is moot).

A bit confused on what the standard is.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    For me the (first) linked article has a fundamental problem:

    Before even attempting to base64 encode a string, you should check to see if the string contains only ASCII characters

    You don’t base64 encode strings. You base64 encode byte sequences. And when you’re dealing with any kind of encoding work, it’s extremely important to keep in mind this difference.

    Also, his check for ‘ASCII’ actually lets through everything from 80 to ff, which aren’t ASCII – ASCII is only 00 to 7f.

    Now, if you have a string which you have checked is pure ASCII, you can then safely treat it as a byte sequence of the ASCII values of the characters in it – but this is a separate earlier step, nothing strictly to do with the act of base64 encoding.

    (I should say that I do like his repeated urging for the reader to note that base64 encoding is not in any shape or form encryption)

    • 0