grych / drab

Remote controlled frontend framework for Phoenix.
https://tg.pl/drab
MIT License

Special characters of input cause ERROR while parsing params #57

Closed robobakery closed 7 years ago

robobakery commented 7 years ago

Thanks for your amazing library that saved me a lot.

I would like to report a bug while sending forms through the socket. It seems like several characters are confusing the parser.

For example, (1) % causes an invalid www-form error (the encoded form of ASCII, like %25, is okay); (2) & causes my input params to be divided.

And because of (2), handling a WYSIWYG editor's innerHTML that needs to be escaped also causes problems (such as   < etc.).

Here's my code snippet:

```html
<form>
  <div class="form-group">
    <label for="accordion_body" class="form-label">body</label>
    <textarea id="accordion_body" name="accordion_body"><%= @accordion.body %></textarea>
  </div>
  <input id="widget_name_of_accordions" name="widget_name" value="accordion" class="hidden"/>
  <button class="btn btn-primary hidden" drab-click="save_accordion">Save</button>
</form>
```

And here's the test case, accordion_body: `Default Text will be like&lt ;THIS&gt ;`

Finally, the sender.params:

```elixir
%{"accordion_body" => "Default Text will be like",
  "lt;THIS" => nil, "gt;" => nil,
  "widget_name" => "accordion"}
```

I hope this information helps. Thank you.


robobakery commented 7 years ago

Update: In Drab.Core (around line 172)

While combining the form's key/value pairs into queryParams format, several characters like '%' and '&' can cause the problem.

Introducing URI Encoding might be a fix.

```elixir
# Builds "k=v&k=v&..." from the raw pairs. Keys and values are concatenated
# without any encoding, so a literal "&" or "%" inside a value is later read
# as query-string syntax by the decoder.
def normalize_params(params) do
  Enum.reduce(params, "", fn {k, v}, acc ->
    acc <> k <> "=" <> v <> "&"
  end)
  |> String.trim_trailing("&")
  |> Plug.Conn.Query.decode()
end
```
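The encoding fix the report suggests, shown as an added example that is neither the reporter's nor Drab's code: the raw join from the quoted function next to a version that percent-encodes each key and value before joining. The module name `ParamsDemo` and the inputs are constructed here, and the standard library's `URI.decode_query/1` stands in for `Plug.Conn.Query.decode/1` so the example runs without Plug.

```elixir
defmodule ParamsDemo do
  # Hypothetical module written for this illustration; not Drab's code.
  # URI.decode_query/1 stands in for Plug.Conn.Query.decode/1 (assumption).

  # Joins pairs raw, like the quoted normalize_params/1: a literal "&" in a
  # value becomes a pair separator and a bare "%" is read as a percent-escape.
  def normalize_params_unsafe(params) do
    params
    |> Enum.map(fn {k, v} -> k <> "=" <> v end)
    |> Enum.join("&")
    |> URI.decode_query()
  end

  # Percent-encodes every key and value before joining, so the decoder sees
  # "&", "=", "%" and "+" only where they are syntax, never inside a value.
  def normalize_params_safe(params) do
    params
    |> Enum.map(fn {k, v} ->
      URI.encode_www_form(k) <> "=" <> URI.encode_www_form(v)
    end)
    |> Enum.join("&")
    |> URI.decode_query()
  end

  # True when a normalizer gives back exactly the map it was handed.
  def round_trips?(normalize, params), do: normalize.(params) == params
end

# Constructed inputs modelled on the report: an entity-escaped body and a
# value containing a bare percent sign.
escaped = %{"accordion_body" => "Default Text will be like&lt;THIS&gt;", "widget_name" => "accordion"}
percent = %{"accordion_body" => "100% done", "widget_name" => "accordion"}

# The raw join splits the body at the literal "&", producing stray keys.
IO.inspect(ParamsDemo.normalize_params_unsafe(escaped), label: "unsafe, & in value")
IO.inspect(ParamsDemo.normalize_params_safe(escaped), label: "safe, & in value")

# The raw join raises on the bare "%" (malformed percent-escape); the
# encoded join decodes it back to the original value.
try do
  ParamsDemo.normalize_params_unsafe(percent)
rescue
  e in ArgumentError -> IO.puts("unsafe, % in value: " <> Exception.message(e))
end
IO.inspect(ParamsDemo.normalize_params_safe(percent), label: "safe, % in value")

IO.inspect(ParamsDemo.round_trips?(&ParamsDemo.normalize_params_safe/1, escaped), label: "round trip")
```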