Reject non-str values in form data

[Dreamsorcerer]

Fixes #8052.

[Dreamsorcerer]

I made this branch 3 weeks ago, but didn't open a PR...
There might have been an issue with tests expecting an int, in which case this probably needs to be tweaked.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.55%. Comparing base (56aa261) to head (2e17493).
Report is 769 commits behind head on master.

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #9292   +/-   ##
=======================================
  Coverage   98.55%   98.55%           
=======================================
  Files         107      107           
  Lines       34855    34867   +12     
  Branches     4128     4134    +6     
=======================================
+ Hits        34352    34364   +12     
  Misses        335      335           
  Partials      168      168           

Flag	Coverage Δ
CI-GHA	98.44% <100.00%> (+<0.01%)	⬆️
OS-Linux	98.10% <100.00%> (+<0.01%)	⬆️
OS-Windows	96.51% <100.00%> (+<0.01%)	⬆️
OS-macOS	97.79% <100.00%> (-0.01%)	⬇️
Py-3.10.11	96.19% <100.00%> (-1.59%)	⬇️
Py-3.10.15	97.70% <100.00%> (+<0.01%)	⬆️
Py-3.11.10	97.67% <100.00%> (+<0.01%)	⬆️
Py-3.11.9	97.74% <100.00%> (+<0.01%)	⬆️
Py-3.12.6	98.16% <100.00%> (+<0.01%)	⬆️
Py-3.13.0-rc.2	98.14% <100.00%> (+<0.01%)	⬆️
Py-3.9.13	97.67% <100.00%> (+<0.01%)	⬆️
Py-3.9.20	97.60% <100.00%> (+<0.01%)	⬆️
Py-pypy7.3.16	97.22% <100.00%> (+<0.01%)	⬆️
VM-macos	97.79% <100.00%> (-0.01%)	⬇️
VM-ubuntu	98.10% <100.00%> (+<0.01%)	⬆️
VM-windows	96.51% <100.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Dreamsorcerer]

Should we just restrict it to strings and only put it in v4? I'm not sure it really makes sense to allow non-str, given that urlencode() will just str() any arguments, and seems to lead to unexpected behaviour. There's probably a fair number of ints in the wild though, so probably don't want to push it in v3.

[bdraco]

Need to think about this one. Yarl is very flexible about encoding params to string for query string and we know that’s heavily used…. But all the type checks add up quick. Maybe that’s not even relevant for this case

[Dreamsorcerer]

Need to think about this one. Yarl is very flexible about encoding params to string for query string and we know that’s heavily used…. But all the type checks add up quick. Maybe that’s not even relevant for this case

Yeah, this is about FormData creating 'x-www-form-urlencoded' data. Yarl isn't involved here.

[Dreamsorcerer]

The main issue is unexpected results, like data={"foo": None} results in foo=None which seems to surprise some people, though what they expect it to do is not consistent, so I'd like to just reject anything that is not a string.

params is where yarl does the query encoding, which is a completely separate thing.

[bdraco]

I think it’s ok. I probably wouldn’t backport it though