riboseinc / rack-cleanser

Cleanse your rack
MIT License

Extract checks for parameters consistency #18

Open skalee opened 7 years ago

skalee commented 7 years ago

Rack cleanser requires parameters to follow the Rails conventions. For example, the query string ?a[b]=1&a[b][c]=conflicting is a valid HTTP URI. However, Rack adds special meaning to the [ and ] characters; here they denote collections. Although Rack allows not following this convention, the Rack::Cleanser::InvalidURIEncoding cleanser relies on it.

IMHO checks for parameter consistency should be extracted to a separate cleanser. (Although at the moment I'm not sure that it will be an easy thing to do.)

ronaldtse commented 7 years ago

I agree, the parameter consistency check should be extracted into a separate cleanser.

ribose-jeffreylau commented 7 years ago

@skalee, do you mean extracting Rack::Cleanser::InvalidURIEncoding which specifically checks for parameters consistency, as a separate cleanser?

skalee commented 7 years ago

@ribose-jeffreylau I mean that:

are two separate things and should be divided into two separate cleansers, if possible.

The following query string, a[b]=1&a[b][c]=conflicting, is an example of an inconsistent parameter structure because a[b] cannot be a scalar and a collection at the same time. Also, I want to say that there should be a configuration option to disable the parameter structure consistency check, because the special meaning of square brackets is only a popular convention: applications are not obliged to follow it, nor does Rack enforce it.
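The structure check skalee describes, as a stand-alone example written for this thread (it is not rack-cleanser code and does not use Rack's own parser): every prefix of a bracketed key is typed as scalar, hash or array by what follows it, and a prefix that is used with two different types is reported. Malformed percent-encoding is deliberately left to raise from `URI.decode_www_form`, since that belongs to the separate encoding check.

```ruby
require "uri"

# Split a Rack-style key into path segments:
#   "a[b][c]" => ["a", "b", "c"],   "a[]" => ["a", :array]
# A key that is not well-bracketed is treated as a plain scalar name.
def key_segments(key)
  m = key.match(/\A([^\[\]]+)((?:\[[^\[\]]*\])*)\z/)
  return [key] unless m
  segments = [m[1]]
  m[2].scan(/\[([^\[\]]*)\]/) { |(inner)| segments << (inner.empty? ? :array : inner) }
  segments
end

# Return the list of structure conflicts found in a query string.
# An empty list means the nested-parameter structure is consistent.
# Example: "a[b]=1&a[b][c]=conflicting" => ["a[b] used as scalar and hash"]
def parameter_conflicts(query_string)
  types = {}       # "a[b]" => :scalar | :hash | :array, first use wins
  conflicts = []
  # decode_www_form raises ArgumentError on bad %-encoding; not handled here on purpose
  URI.decode_www_form(query_string).each do |key, _value|
    segments = key_segments(key)
    path = segments.first
    segments.each_with_index do |seg, i|
      path += (seg == :array ? "[]" : "[#{seg}]") if i > 0
      nxt = segments[i + 1]
      expected = nxt.nil? ? :scalar : (nxt == :array ? :array : :hash)
      seen = types[path]
      if seen && seen != expected
        conflicts << "#{path} used as #{seen} and #{expected}"
      else
        types[path] ||= expected
      end
    end
  end
  conflicts.uniq
end
```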

ribose-jeffreylau commented 7 years ago

Thanks for the clarification @skalee! Agree on having an option for the parameter structure consistency check.