-
Notifications
You must be signed in to change notification settings - Fork 17.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: net/url: add QueryParser and QueryEncoder interfaces #56300
Comments
I don't think a global variable is a good idea: What happens if something parses a URL at init time? Or in a goroutine started at init time? Or if two places attempt to set the variable?
|
The simplest answer would be "don't do that". The globals haven't been an issue in other places in the standard library such as:
It's not my first choice in design decisions, but given the go1 compatibility promise, I think it's the most failsafe way for a user to divorce themselves from the default implementation. If concurrency is a concern, I think it'd be reasonable to keep the variables themselves at the package level and have a package level mutex and As a general rule I would consider it a faux pas to set it anywhere other than I should also note, and perhaps i wasn't clear in the proposal, that users of That is, http server should be extended to have a field:
which should be used if set, falling back to This might actually give a means to disable the log message that gets printed when (the log message was introduced in #25192)
This means that users need to maintain their own
Honestly, it didn't occur to me that it could be avoided in 1.19.2, I was under the impression that there was no way to restore prior behavior before 1.20. The release notes barely mentions it, let alone that it's breaking, and no public documentation was updated for it. The only place it's noted is on a comment made in the issue that initiated the change. I'm glad to know that there's an upgrade path until 1.20 comes out. The list of hacks is adding up though:
There's also the overhead of having document and teach all of this to anyone onboarding onto a codebase. At the end of the day, my program should be able to easily have a single consistent url parser that obeys the parsing rules I need it to follow. And I shouldn't have to fork Life would be so much easier if I could easily set a global parser & encoder once, and just explain what behavior that's needed out of it that the default parser and encoder don't provide. After two backwards incompatible changes in roughly a year, it'd feel much safer knowing that the go team can make whatever decisions around the default parser without impacting code that's very sensitive to parser changes. |
Summary
I would like to propose adding new interfaces to net/url to allow users to have control over url query string parsing and encoding implementations.
This can be done in a backwards compatible manner by
With the
DefaultQueryParser
andDefaultQueryEncoder
being package level variables, a user can set the implementations once inmain
orinit
. This allows the user to have confidence that their chosen implementation will be used, even if some usages have not yet been updated to accept a custom implementation.This approach allows users to gradually widen their API to accept a
QueryParser
orQueryEncoder
, allowing for implementation to be spread over multiple releases if necessary.Proposed Interface Addition
Rationale
Other systems have their own interpretations of the url RFCs, which are often at odds with how go interprets them. This creates situations where a behavior can be a security issue for one user, but an intentional and relied upon behavior for others. There is no single implementation that can serve all users.
By allowing custom implementations to be supplied, we're able to provide a safe default that covers the majority of use cases, but still allow users with very specific needs the flexibility to provide their own implementations.
Users of the package include
http.Server
and httputil.ReverseProxy`. Both are too large to reasonably expect users to fork in order to call their own parsing and encoding implementations.Historical Issues
There have been a number of issues surrounding query string parsing and encoding. Security issues have caused a number of backwards incompatible changes, which then motivated other changes to allow prior behavior to be restored.
For users sensitive to these changes, some of the above issues caused operational disruption. In other cases, the backwards compatibility breakages were in point releases.
Issues since proposal
edit: forgot
interface
keyword onQueryParser
andQueryEncoder
2022/11/21 edit: added Issues since proposal
The text was updated successfully, but these errors were encountered: