Open skalee opened 7 years ago
I agree, we should extract the parameter consistency into a separate cleanser.
@skalee, do you mean extracting Rack::Cleanser::InvalidURIEncoding, which specifically checks for parameters consistency, as a separate cleanser?
@ribose-jeffreylau I mean that:
are two separate things and should be divided into two separate cleansers, if possible.
The following query string: a[b]=1&a[b][c]=conflicting is an example of inconsistent parameters structure because a[b] cannot be a scalar and a collection at the same time. Also, I want to say that there should be a configuration option to disable the parameters structure consistency check, because the special meaning of square brackets is only a popular convention, and applications are not obliged to follow it, nor does Rack enforce it.
Thanks for the clarification @skalee! Agree on having an option for parameter structure consistency check.
Rack cleanser requires parameters to follow the Rails conventions. For example, the query string:
?a[b]=1&a[b][c]=conflicting
is a valid HTTP URI. However, Rack adds special meaning for the [ and ] characters; here they denote collections. Although Rack allows not following this convention, the Rack::Cleanser::InvalidURIEncoding cleanser relies on it.
IMHO checks for parameter consistency should be extracted to a separate cleanser. (Although at the moment I'm not sure that it will be an easy thing to do.)
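
Added example, not part of the thread and not rack-cleanser's or Rack's own code: a stand-alone structure consistency check for the bracket convention discussed above, with a switch to turn it off. The names `ParamStructure`, `path`, `conflicts` and `enabled:` are hypothetical, and the key parsing is a simplified version of the convention.

```ruby
require "uri"

# Hypothetical helper: flags query strings in which one parameter name is
# used both as a scalar and as a collection under the bracket convention.
module ParamStructure
  # Split "a[b][c]" into ["a", "b", "c"]; "a[]" gives ["a", ""].
  # Keys that do not fit the convention are treated as a single flat name.
  def self.path(key)
    m = /\A([^\[\]]+)((?:\[[^\[\]]*\])*)\z/.match(key)
    return [key] unless m
    [m[1]] + m[2].scan(/\[([^\[\]]*)\]/).flatten
  end

  # Returns the prefixes whose usage conflicts, e.g. ["a[b]"].
  # enabled: false skips the check for applications that do not follow
  # the bracket convention (assumed configuration switch).
  def self.conflicts(query, enabled: true)
    return [] unless enabled
    kinds = {} # prefix => :scalar, :array or :hash, as first seen
    bad = []
    URI.decode_www_form(query.delete_prefix("?")).each do |key, _value|
      segs = path(key)
      prefix = nil
      segs.each_with_index do |seg, i|
        prefix = i.zero? ? seg : "#{prefix}[#{seg}]"
        nxt = segs[i + 1]
        kind =
          if nxt.nil? then :scalar    # last segment holds a value
          elsif nxt.empty? then :array # followed by "[]"
          else :hash                   # followed by "[name]"
          end
        seen = kinds[prefix] ||= kind
        bad << prefix unless seen == kind
      end
    end
    bad.uniq
  end
end

# Constructed sample input: the query string quoted in the issue.
p ParamStructure.conflicts("?a[b]=1&a[b][c]=conflicting")
```
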