fix: don't update url after character-limit #458
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Request URI Too Large
The issue was that the URL bar was being updated with the entire paste, even though it was truncated in the textarea.
Rather than fixing that behavior, I thought we could just remove our truncation logic from
#handleInput
and rely on the browser for this, though.The
textarea
element has amaxLength
attribute, where we can set to the character limit. Now, the user-agent handles truncation for us in a manner the user should be used to.Note: This mostly resolves the problem. I don't see this happening with normal usage, but if a user wanted to try to break things, it's possible. Special characters add multiple chars to the URL bar, so a user could manually submit a query of 1,400+ line breaks, for example, to reproduce the issue, even after this fix.
Despite that, I think that this is a good enough fix to close out the issue.
Line Endings
While testing this behavior, I encountered a bug which is resolved by this PR as well, though the solution is a little hacky.
The spec for Form Data enforces CRLF (
\r\n
) line endings. When taking that approach to communicate with the API, the character counts mismatch between what the user submitted and what the server receives.For example, I used the web UI to submit a 2,000-character query. However, the server actually received a 2,029-character query, and responded with a 400 because the query was "too long".
In reality, all
\n
characters were converted to\r\n
, silently adding bytes to the request.I've added an intermediate step if Form Data is used for communication, which normalizes the line endings to UNIX style.
Alternative Approaches
q
to compare the length, but not actually modifyq
.char_limit
, i.e.char_limit + q.count("\n")
, but then users could spam and process larger requests, which is undesirable, even if it's just noise.Screenshots
Screencast.from.2023-07-08.03-56-30.webm
Screencast.from.2023-07-08.03-57-07.webm
Related