Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to pass options to qs for payload parsing #2480

Closed
kpjf opened this issue Mar 23, 2015 · 10 comments
Closed

Ability to pass options to qs for payload parsing #2480

kpjf opened this issue Mar 23, 2015 · 10 comments
Assignees
Labels
Milestone

Comments

@kpjf
Copy link

@kpjf kpjf commented Mar 23, 2015

I'm working away on my project and noticed that when I hit a certain amount of objects in my post data that it the data in the payload was changing from a normal array ( i.e. zero indexed ) to an associative array.

As an example (I've only included the necessary details, I can add a working code snippet if needed), if you have the following form:

<form action="/dummy" method="POST">
    <input type="hidden" name="dummy[0]" value="testing">
    <input type="hidden" name="dummy[1]" value="testing">
    <input type="hidden" name="dummy[2]" value="testing">
    <input type="hidden" name="dummy[3]" value="testing">
    <input type="hidden" name="dummy[4]" value="testing">
    <input type="hidden" name="dummy[5]" value="testing">
    <input type="hidden" name="dummy[6]" value="testing">
    <input type="hidden" name="dummy[7]" value="testing">
    <input type="hidden" name="dummy[8]" value="testing">
    <input type="hidden" name="dummy[9]" value="testing">
    <input type="hidden" name="dummy[10]" value="testing">
    <input type="hidden" name="dummy[11]" value="testing">
    <input type="hidden" name="dummy[12]" value="testing">
    <input type="hidden" name="dummy[13]" value="testing">
    <input type="hidden" name="dummy[14]" value="testing">
    <input type="hidden" name="dummy[15]" value="testing">
    <input type="hidden" name="dummy[16]" value="testing">
    <input type="hidden" name="dummy[17]" value="testing">
    <input type="hidden" name="dummy[18]" value="testing">
    <input type="hidden" name="dummy[19]" value="testing">
    <input type="hidden" name="dummy[20]" value="testing">
    <input type="submit" value="submit" />
</form>

I'll get the data in my payload object as:

{ dummy: [ 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing', 'testing' ] }

But when my form has an additional input: <input type="hidden" name="dummy[21]" value="testing"> then the data is coming back as an associative array. A la,

{ dummy: { '0': 'testing', '1': 'testing', '2': 'testing', '3': 'testing', '4': 'testing', '5': 'testing', '6': 'testing', '7': 'testing', '8': 'testing', '9': 'testing', '10': 'testing', '11': 'testing', '12': 'testing', '13': 'testing', '14': 'testing', '15': 'testing', '16': 'testing', '17': 'testing', '18': 'testing', '19': 'testing', '20': 'testing', '21': 'testing' } }

Given I'm explicitly setting the key values in the form input name attributes, the latter is the expected result. That said, the former is a nice feature.

Is this something that the hapi core is doing? Or am I doing something unexpected (explicitly adding the 0 indexed keys aside)?

@hueniverse
Copy link
Contributor

@hueniverse hueniverse commented Mar 23, 2015

@nlf ?

@nlf
Copy link
Member

@nlf nlf commented Mar 23, 2015

currently that's intentionally done within qs for security reasons, the default is 20 items in an array before it will be coerced into an object with numerical keys.

qs allows overriding that limit, i'd have to look to see if hapi lets you pass options to qs for payload parsing. or i'm sure @hueniverse knows.

@Marsup
Copy link
Contributor

@Marsup Marsup commented Mar 23, 2015

Just curious, what's the security reason ?

@nlf
Copy link
Member

@nlf nlf commented Mar 23, 2015

So the limit actually only applies when manually indexing keys. The reason for the limit is because without it, you can easily create sparse arrays of an arbitrary length which can cause a crash.

@kpjf
Copy link
Author

@kpjf kpjf commented Mar 23, 2015

Okay I think I understand the reasoning now. So this prevents a user creating dummy[0] with some data, then dummy[100000], as such creating a large nothing array which would create memory issues, etc...

Thanks for the clarity.

@hueniverse
Copy link
Contributor

@hueniverse hueniverse commented Mar 24, 2015

We don't currently have a way to pass options to qs but I'm open to a clear PR adding it.

@hueniverse hueniverse changed the title Auto parsing of post data? Ability to pass options to qs for payload parsing Mar 24, 2015
@kpjf
Copy link
Author

@kpjf kpjf commented Mar 24, 2015

I don't much knowledge of hapi's core, but I do want to get to know it more if I'm going to using it on public projects. So I can have a look at this to get more exposure to the code and get a better idea of how it does what it does.

@kpjf
Copy link
Author

@kpjf kpjf commented Mar 25, 2015

FYI I created a PR in hapi/subtext that allows for passing of qs options. If / when that gets merged I can create a PR here to have new payload parsing options added here.

@DavidTPate
Copy link

@DavidTPate DavidTPate commented Mar 26, 2015

Linking the two together. hapijs/subtext#7

hueniverse pushed a commit that referenced this issue May 21, 2015
closes #2480: Ability to pass options to qs for payload parsing
@hueniverse hueniverse added this to the 8.5.0 milestone May 21, 2015
@hueniverse hueniverse self-assigned this May 21, 2015
@hueniverse hueniverse reopened this May 21, 2015
@hueniverse hueniverse removed this from the 8.5.0 milestone May 21, 2015
hueniverse added a commit that referenced this issue Aug 11, 2015
@hueniverse hueniverse added this to the 8.8.0 milestone Aug 11, 2015
@hueniverse hueniverse closed this Aug 11, 2015
@Marsup Marsup added feature and removed request labels Sep 20, 2019
@lock
Copy link

@lock lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants