Environment variables with URLs are incorrectly encoded with escape sequences (e.g., ':' becomes '\x3a')

[SoheilNK]

Does this issue occur when all extensions are disabled?: Yes/No

• VS Code Version: 1.100.0
• OS Version: Linux

Description

After updating to VS Code version 1.100.0, environment variables containing URLs are incorrectly encoded with escape sequences in the terminal environment. This causes issues with applications that parse these URLs, particularly in Django applications where CORS and CSRF settings require properly formatted URLs.

Steps to Reproduce

1. Open VS Code version 1.100.0 on Linux
2. Set environment variables containing URLs in your VS Code settings or launch.json, for example:

   {
     "env": {
       "FRONTEND_HOST": "http://localhost:5173",
       "BACKEND_HOST": "http://localhost:8000"
     }
   }

3. Open a terminal in VS Code and run env | grep HOST
4. Observe that the colon characters in the URLs are escaped as \x3a

Expected Behavior

Environment variables containing URLs should preserve the exact format that was specified, including colons and other special characters, without escaping them.

Actual Behavior

The colon characters (:) in URLs are being escaped as \x3a, causing issues with applications that require properly formatted URLs. For example, Django rejects these malformed URLs in CSRF_TRUSTED_ORIGINS and CORS_ALLOWED_ORIGINS settings.

Example output when running env | grep HOST:

FRONTEND_HOST=http\x3a//localhost\x3a5173
BACKEND_HOST=http\x3a//localhost\x3a8000

Environment

• VS Code Version: 1.100.0
• OS: Linux
• Python Extensions Installed:
  • Python (ms-python.python)
  • Pylance (ms-python.vscode-pylance)
  • GitHub Copilot (github.copilot)

Workaround

Use a script to manually fix the environment variables before running the application:

import os
os.environ['FRONTEND_HOST'] = 'http://localhost:5173'
os.environ['BACKEND_HOST'] = 'http://localhost:8000'

Additional Information

This issue causes Django applications to fail with errors such as:

(4_0.E001) As of Django 4.0, the values in the CSRF_TRUSTED_ORIGINS setting must start with a scheme (usually http:// or https://) but found http\x3a//localhost\x3a5173.
(corsheaders.E013) Origin 'http\\x3a//localhost\\x3a5173' in CORS_ALLOWED_ORIGINS is missing scheme or netloc

[VivianKeith]

I also found this bug. When I update VSCode to 1.100 version, the content of $PATH become: ...\x3a.vscode-server/cli/servers/Stable-19e0f9e681ecb8e5c09d8784acaa/server/bin/remote-cli\x3a\....
It seems like VSCode wrongly deals with environment varialbles encoding the ':' into '\x3a'. This leads to failed auto-activation of my conda env, beacause the conda env's python interperter and some dependencies path are not actually included in the $PATH which should be parsed by ":".

[jmesterh]

Upgraded VSCode to 1.100. I set environment variables in the devcontainer with the.env file.
All my environment variables with http:// are now http\\x3a//
This update needs to be pulled ASAP.

[Opsi]

Upgraded VSCode to 1.100. I set environment variables in the devcontainer with the.env file. All my environment variables with http:// are now http\\x3a// This update needs to be pulled ASAP.

I encountered the exact same problem. My workaround is that I run source .env in the terminal before starting my application. I agree this needs to be pulled ASAP

[Ryusuke-Kawasaki]

I am experiencing the same issue. I am developing a program in a Node.js environment and using dotenv to load environment variables. In this case, the issue can be avoided by temporarily applying the following solution:

const dotenv = require('dotenv');
dotenv.config({ override: true });  // ★ Added

If you are using python-dotenv in a Python environment, I believe the issue can similarly be avoided with the following:

from dotenv import load_dotenv
load_dotenv(override=True)

[ababak]

This happens on Windows with GitBash as well. The PATH variable gets corrupted, with all the "C:" paths turning into "C\x3a". Reinstalling the previous version helps fix this, but it causes issues with the new extensions.