New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The usage of the &str
type is potentially misleading.
#43
Comments
This is by design. You can use an |
As mentioned, I think that considering a documentation bug would be a major mistake. It sets up the expectation that everything could have hidden gotchas in the docs. Most people will just try what they expect to work, which may or not make it obvious to them what is happening. This is extremely subtle behavior that is not made at all explicit by the API I think a much better approach would be to provide a |
I also didn't realize that the same behavior occurred in |
I fully support sgrif's arguments. I'm going to use the framework for a toy project and this is definitely something I wouldn't have expected. A |
Keep in mind 'Principle of Least Surprise'. |
I've reconsidered my position. Here's the design I'd like to move to: Add a new type |
Content-Type: application/x-www-form-urlencoded
are not properly decoded for &str fields&str
type is potentially misleading.
@SergioBenitez Now the user only need to do is import the |
Moreover, we can also implement the |
Steps to reproduce:
Have a route with the following code:
Create a template with the following HTML, and submit it using a browser
Expected behavior
The response "Everything is fine" is rendered
Actual behavior
The value of the field is "A+value+with+spaces", causing the assertion to fail and a 500 to be returned.
Additional details
This only applies to values of
&str
and notString
, so I'm assuming that&str
is unconditionally pointing at the raw request data to avoid any allocation. Even if this behavior is documented (I couldn't find it mentioned), I think this is a surprising behavior and likely to be a common source of confusion. At absolute minimum this should produce some kind of error, but even that is a sub-optimal solution as it would lead to unexpected gotchas for users who do not test their inputs with spaces.I'd expect the framework to be allocating internally if needed to properly handle decoding entities, and pointing at the raw request data if possible. I would never expect the framework to force me to care about encoding or content-type specific details unless I've specifically asked for some form of "raw" data.
I have not checked, but I suspect there are likely similar issues if the request is submitted with a charset other than UTF-8, and for JSON requests that would require additional decoding (such as an escaped backslash character).
The text was updated successfully, but these errors were encountered: