Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should be able to not use qs for urlencoded parsing #19

Closed
dougwilson opened this issue May 11, 2014 · 6 comments
Closed

Should be able to not use qs for urlencoded parsing #19

dougwilson opened this issue May 11, 2014 · 6 comments
Assignees
@dougwilson
Labels
enhancement

Comments

@dougwilson
Copy link
Contributor

It's too bad using qs is the default, but at least we should provide an option to use something else like querystring that can parse flat to reduce the attack surface of applications. This would let users parse with urlencoded and not have to handle complex values.
dougwilson added a commit that referenced this issue May 11, 2014
@dougwilson
WIP: option to parse urlencoded with querystring
261056c 
closes #19
dougwilson added a commit that referenced this issue May 12, 2014
@dougwilson
WIP: option to parse urlencoded with querystring
381d657 
closes #19
@jonathanong
Copy link
Member

i would rather have querystring be default and qs be an option, but that was break backwards compatibility.

@dougwilson
Copy link
Contributor Author

i would rather have querystring be default and qs be an option

me too

but that was break backwards compatibility.

yep, but we can just switch it at the next major :D

@dougwilson dougwilson self-assigned this May 27, 2014
@dougwilson dougwilson mentioned this issue May 30, 2014
Closed
@callmewa callmewa mentioned this issue May 30, 2014
Closed
@callmewa
Copy link

When will npm reflect this change?

@dougwilson
Copy link
Contributor Author

Probably later today. I don't like to rush out a release too quickly because next thing I know I realize something I forgot and it quickly leads to a second patch release :)

Anyway, after the release (which will be 1.3.0) you will need to parse with app.use(bodyParser.urlencoded({ extended: false }))

@dougwilson
Copy link
Contributor Author

@callmewa I published it

@callmewa
Copy link

callmewa commented Jun 1, 2014

thanks Doug!

On Sat, May 31, 2014 at 3:58 PM, Douglas Christopher Wilson <
notifications@github.com> wrote:

@callmewa https://github.com/callmewa I published it


Reply to this email directly or view it on GitHub
#19 (comment)
.

@totherik totherik mentioned this issue Jun 19, 2014
Merged
@expressjs expressjs locked and limited conversation to collaborators Jul 20, 2014
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dougwilson dougwilson

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dougwilson @jonathanong @callmewa