Unable to use = in Strings

telefonicaid / fiware-orion

Context Broker and CEF building block for context data management, providing NGSI interfaces.

https://github.com/telefonicaid/fiware-orion/blob/master/doc/manuals/orion-api.md

GNU Affero General Public License v3.0

210 stars 265 forks source link

Unable to use = in Strings #890

Closed yetzt closed 7 years ago

yetzt commented 9 years ago

When a String attribute contains the character "=" the i get

 "orionError": {
  "code": "400",
  "reasonPhrase": "Bad Request",
  "details": "Illegal value for JSON field"
 }

Really? Strings can't contain an '=' character? WTF.

fgalan commented 9 years ago

Limiting = (among other caracteres, such as https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Publish/Subscribe_Broker_-_Orion_Context_Broker_-_User_and_Programmers_Guide#Forbidden_characters) is to prevent script injections attack in some circustances (e.g. cross domain to co-located web servers in the same hot that CB).

Maybe the limitation is too severe and we may make this more flexible in the future.

yetzt commented 9 years ago

so, you are on one hand annoying users who know what they're doing with such restrictions, and on the other hand feign security for users who don't. great.

jmcanterafonseca commented 9 years ago

@yetzt Have you considered codifying your strings in URL format? That would allow you to manage safely '=' strings or other strings not accepted by the NGSI protocol.

Last but not least, statements like "... WTF." are not aligned with Netiquette. I would kindly ask you to avoid them in conversations.

Thanks

fgalan commented 7 years ago

More than one year an a half has passed without activity in this issue. Closing.