From 651fa716b48e212d6ad5052ba6b3e06174ea4878 Mon Sep 17 00:00:00 2001
From: Emi Simpson <emi@alchemi.dev>
Date: Fri, 10 Jan 2020 14:18:15 -0500
Subject: [PATCH] Clean user, pass, and fragment from URL before writing

---
 src/main.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/main.rs b/src/main.rs
index 27cf030..85f2bf7 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -10,6 +10,7 @@ use monolith::http::retrieve_asset;
 use monolith::utils::is_valid_url;
 use reqwest::blocking::Client;
 use reqwest::header::{HeaderMap, HeaderValue, USER_AGENT};
+use reqwest::Url;
 use std::collections::HashMap;
 use std::fs::{remove_file, File};
 use std::io::{Error, Write};
@@ -96,11 +97,17 @@ fn main() {
         );
 
         if !app_args.no_context {
+            // Safe to unwrap: We just put this through an HTTP request
+            let mut clean_url = Url::parse(&final_url).unwrap();
+            clean_url.set_fragment(None);
+            // Safe to unwrap: must have a protocol and thus base 'cause we just used it.
+            clean_url.set_password(None).unwrap();
+            clean_url.set_username("").unwrap();
             html.insert_str(
                 0,
                 &format!(
                     "<!--- Downloaded from {} on {}using {} v{} -->\n",
-                    &final_url,
+                    &clean_url,
                     downloaded_time.rfc822(),
                     env!("CARGO_PKG_NAME"),
                     env!("CARGO_PKG_VERSION"),