Comments (6)
What does Sinatra do in this case?
from jester.
With Sinatra it differs whether it is pure URL parameter vs Javascript value with POST-request. On GET-request it parses like decodeUrl().
Minimal example with Sinatra
Sinatra backend
require 'sinatra'

post '/' do
  author = params['author']
  msg = params["msg"]
  puts author
  puts msg
  author
end
Javascript frontend
// B1
fetch("/?author=Message with plus+++signs", {
  method: "POST",
  body: new URLSearchParams({ msg: "Message with plus+++signs" })
})
Output on backend
The above Javascript (B1) uses inline URL parameters and formatted body. The server echoes (puts) these values:
127.0.0.1 - - [23/May/2023:16:02:36 +0200] "POST /?author=Message%20with%20plus+++signs HTTP/1.1" 200 25 0.0034
Message with plus signs <== This is the @author
Message with plus+++signs <== This is the @msg
What does Sinatra do?
I'm no Ruby man... I spent some time going through the code, but with no direct solution. is_frozen, HEADER_PARAMS...
from jester.
With Sinatra it differs whether it is pure URL parameter vs Javascript value with POST-request
Sounds like that is what we should do then :)
from jester.
With Sinatra it differs whether it is pure URL parameter vs Javascript value with POST-request
Sounds like that is what we should do then :)
Hehe, got you ;) .
Core problem
So, in Jester it all boils down to that non-URL params are already decoded within parseUrlQuery(). So when also decoding within the @-template we double decode - and that's some mess.
jester/jester/private/utils.nim
Line 39 in 88dad03
Approaches
I have tried three approaches. But both 1 and 2 have breaking changes...
First try
- Solution (1) changes how we transport the params around. Instead of a Table[string, string] we now use var Table[string, tuple[value: string, frozen: bool]]. By doing this we identify the frozen parameters when using @. BUT now we will break code with:
for k, v in request.params:
  # => Currently just a string
  # => New: We now have tuple[string, bool]
master...ThomasTJdev:jester:decodeUrlParms
Second try
- Solution (2) removes the default decoding of non-URL params. Then we can always use @ since nothing is decoded as default. BUT this introduces a breaking change for code with:
for k, v in request.params:
  # => `v` is not decoded, so users have to decode the data
master...ThomasTJdev:jester:decodeUrlParms2
Third try
- Solution (3) just ensures that everything is decoded - even though it is not needed. We currently decode() non-URL params by default, so this code then just default decode() URL-params too. This has no breaking changes but adds an overhead with the decodeUrl().
EDIT
This is a breaking change for users accessing the raw parameters. Example:
Current
var params: string
for k, v in c.req.params:
  if params != "":
    params.add("&")
  params.add(k & "=" & v)
New
var params: string
for k, v in c.req.params:
  if params != "":
    params.add("&")
  params.add(k & "=" & encodeUrl(v))
master...ThomasTJdev:jester:decodeUrlParms3
from jester.
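The double decode described under "Core problem", and the two values of request B1, modelled in Ruby as an added example that is not part of the thread or of Jester's code. The helper names are hypothetical and the inputs are constructed from B1; the standard `uri` library stands in for the framework's parser.

```ruby
require 'uri'

# Constructed inputs modelled on request B1 in the thread.
QUERY = 'author=Message%20with%20plus+++signs' # query string as logged by the server
# Form-encoded body: '+' becomes %2B and space becomes '+', as URLSearchParams does.
BODY = URI.encode_www_form('msg' => 'Message with plus+++signs')

# Hypothetical helper: parse a form-encoded string, decoding each value exactly once.
def decode_once(encoded)
  URI.decode_www_form(encoded).to_h
end

# Hypothetical model of the bug: values already decoded by the parser are
# decoded again by a later layer (the "@" template in the thread's description).
def decode_twice(encoded)
  decode_once(encoded).transform_values { |v| URI.decode_www_form_component(v) }
end

# True when a second decode would alter or reject an already-decoded value,
# so the value is only intact if every layer agrees on how often it was decoded.
def changed_by_second_decode?(value)
  URI.decode_www_form_component(value) != value
rescue ArgumentError # a literal "100%" is not valid percent-encoding
  true
end

# Rebuilding a raw query from decoded params must re-encode each value,
# as in the "New" snippet under the third approach.
def rebuild_query(params)
  URI.encode_www_form(params)
end

if __FILE__ == $PROGRAM_NAME
  p decode_once(QUERY)                 # raw '+' in the URL decodes to spaces
  p decode_once(BODY)                  # %2B decodes to a literal '+'
  p decode_twice(BODY)                 # the second pass turns those '+' into spaces
  p changed_by_second_decode?('100%')  # second pass would raise on this value
  p rebuild_query(decode_once(BODY)) == BODY
end
```

Both B1 values go through the same single decode here; they differ because the raw `+` in the URL and the `%2B` in the form-encoded body are different encodings on the wire.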
Wow, very thorough. Thank you. I think the "Third try" is the best, but I don't have strong feelings to be honest :)
from jester.
I care a lot about your library here :) ! Third option is added as a PR.
from jester.