dantebronto/picard

Post body could be parsed better in extract form params

clintecker opened this issue · 0 comments

Right now the current method will destroy the body if any of the params include +, =, or & in legitimate post data. This is because the post data is decoded before any of the splitting happens.

Current method:

extract_form_params: function(chunk){
  if( chunk == undefined ) { return }
  var chunks = decodeURIComponent(chunk).split('&')
  for(var i in chunks){
    var k_v = chunks[i].split('=')
    this[k_v[0]] = k_v[1]
  }
}

Consider a post body which comes from someone typing the following text into a textarea named 'body':

This is a sentence & and I will type 2+2=4

The encoded body would be:

body=This+is+a+sentence+%26+and+I+will+type+2+2%3D4

The above method would decode this string into:

body=This+is+a+sentence+&+and+I+will+type+2+2=4

Then split on the erroneously decoded & to:

['body=This+is+a+sentence+','+and+I+will+type+2+2=4']

Then split on the one real = and the one "fake" one:

['body','This+is+a+sentence+']
['+and+I+will+type+2+2','4']

This is, I feel, a better strategy:

// Replace all instances of + with %20
chunk = chunk.replace(/\+/g, '%20');
// Then split on unencoded ampersands (declared with var to avoid an implicit global)
var chunks = chunk.split('&');
// Iterate over chunks
for(var i in chunks){
    // Split on unencoded equals signs
    var k_v = chunks[i].split('=')
    // Only decode data right before you stuff it into the store
    this[k_v[0]] = decodeURIComponent(k_v[1])
}

You end up with none of the annoying + in your final string, and you get the right result, which is:

['body', 'This is a sentence & and I will type 2+2=4']

I'm willing to put this into a pull request if you agree with the sentiment ;)
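An added example, not part of the original issue or of picard's code: a stand-alone parser that follows the split-then-decode order proposed above. The names `parseFormBody` and `decodePart` are hypothetical, and the sample body is constructed, with the literal plus sent as `%2B`. It also assumes two hardening choices the issue does not discuss: parameters go into a prototype-less object instead of onto `this`, and pairs with malformed percent-escapes are skipped so a `URIError` cannot crash the request handler.

```javascript
// Added example: parse an application/x-www-form-urlencoded body.
// parseFormBody and decodePart are hypothetical names, not picard APIs.
function decodePart(s) {
  // In form encoding '+' means space; a literal plus arrives as %2B.
  try {
    return decodeURIComponent(s.replace(/\+/g, '%20'));
  } catch (e) {
    return null; // malformed escape such as "%zz" or a trailing "%"
  }
}

function parseFormBody(body) {
  // No prototype, so a client-supplied "__proto__" is stored as a plain key.
  var params = Object.create(null);
  if (typeof body !== 'string' || body === '') { return params; }
  // Split on the raw delimiters first; decode each piece afterwards.
  var pairs = body.split('&');
  for (var i = 0; i < pairs.length; i++) {
    if (pairs[i] === '') { continue; }
    // Cut at the first raw '=' only; a key without '=' gets an empty value.
    var eq = pairs[i].indexOf('=');
    var rawKey = eq === -1 ? pairs[i] : pairs[i].slice(0, eq);
    var rawVal = eq === -1 ? '' : pairs[i].slice(eq + 1);
    var key = decodePart(rawKey);
    var val = decodePart(rawVal);
    if (key === null || val === null) { continue; } // skip undecodable pairs
    params[key] = val;
  }
  return params;
}

// Constructed sample input: the textarea text, a "__proto__" key, a bad escape.
var sample = 'body=This+is+a+sentence+%26+and+I+will+type+2%2B2%3D4' +
             '&__proto__=x&bad=%zz';
var parsed = parseFormBody(sample);
console.log(parsed.body);
```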