Add option to decide what to do on invalid UTF-8 urlencoded params

elixir-plug / plug

Compose web applications with functions

https://hex.pm/packages/plug

Other

2.81k stars 578 forks source link

Add option to decide what to do on invalid UTF-8 urlencoded params #1200

Closed bradhanks closed 6 months ago

bradhanks commented 6 months ago

added error_code and byte_position to validate_utf8! added ascii optimization as found in String.valid? wrote tests for changes edited existing tests to incorporate "in position #{byte_position} added documentation

josevalim commented 6 months ago

There are many changes here. Can you please keep add them granularly? Although I don't think there is a need for position or to change the return type based on the code. It is a function with !, it should always raise.

bradhanks commented 6 months ago

Something like this?


  defp do_validate_utf8!(<<byte, _::bits>>, exception, context, error_code, byte_position) do
    case error_code do
      500 ->
        raise exception,
              "Internal Server Error (500): invalid UTF-8 on #{context}, got byte #{byte}"

      404 ->
        raise exception,
              "Page Not Found (404): invalid UTF-8 on #{context}, got byte #{byte}"

      error_code when error_code in 100..999 ->
        raise exception,
              "Status code #{error_code}: invalid UTF-8 on #{context}, got byte #{byte}"
    end
  end

josevalim commented 6 months ago

No, that does not change how the server is going to respond in any way. Can you take a step back and remind us what is your end goal? :) If you want to change the exception, it would be something like:

defexception [plug_status: Application.compile_env(...)]

When defining the exception being raised.