Closed Sunz3r closed 8 years ago
Not generating for "strange" node_ids is obviously suboptimal. What exactly causes what to stop? Can we fix it by replacing "strange" characters?
Characters like : stops working the script. You can inject code with the node_id therefore replacing characters are not needed because this should only prevent errors.
Please don't use non-alphanumeric characters in your node id (I have changed my mind about this, in case you're reading older issues about this topic). This is a won't fix.
You wont fix a possible secuity issue? Everyone can break this script by send bad node_ids. Maybe i blog a warning about this problem so we dont need to fix this if everyone knows about it?
Well, I may accept a PR that simply rejects nodes with invalid data. This PR, however, introduces some strange undocumented behaviour that may cause more trouble than harm.
This would be the right place to implement it: https://github.com/ffnord/ffmap-backend/blob/master/lib/validate.py
Thanks, i just push another PR with proper implementation :)
if node_id contains invalid characters then the script stop working