Skip to content

bug: Issue with issuer field containing ampersand and spaces #198

New issue
New issue
Open
Open
bug: Issue with issuer field containing ampersand and spaces#198
Labels
BugSomething isn't working
@POolos

Description

@POolos
POolos
opened on Jun 20, 2025

Bug type

Error at runtime

App version

5.4.9

Device environment

Android 11 on Redmi Note 8 Pro

Bug description

2FAS does not recognize the QR code generated from OTP URLs where the issuer contains an ampersand (&) followed by a space and additional characters, even if correctly URL-encoded.

Accountname : [email protected]
Issuer : This & that

QR code :

Image

Provisioning URL : otpauth://totp/This%20%26%20that%3Atest%40example.com?issuer=This%20%26%20that&secret=2AXYSYAQK7BWQL4PX7EA2VIIXVIPHZY4AIIOV7ECMDPNFSZG4QFNHZ2P3SDNSUOHO5FGZNNWUWXCCG42VTDCWNM5WRFFJNZKQIGWPTY

Solution

No solution identified yet.

Additional context

  • This & that does not work, and there may be other similar cases not yet identified.
  • Issuers like This&that or This & work fine.
  • URLs conform to RFC 3986
  • Other OTP apps accept these URLs.

Acknowledgements

  • This issue is not a duplicate of an existing bug report.
  • I understand that security vulnerabilities should be reported to [email protected] instead of on GitHub.
  • I have chosen an appropriate title.
  • All requested information has been provided properly.

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions