Crash my webserver!
Andrea Fontana
nospam at example.org
Sun May 14 13:53:49 UTC 2023
On Sunday, 14 May 2023 at 11:32:46 UTC, Vladimir Panteleev wrote:
> On Sunday, 14 May 2023 at 10:56:29 UTC, Andrea Fontana wrote:
>> Hmm I don't think you can use utf-8 encoding in your request.
>> I think everything must be encoded as old US-ASCII.
>
> Oh also, I noticed that bad UTF-8 in URLs is rejected. Unless
> you're decoding UTF for the purpose of validating that further
> logic doesn't have to deal with bad UTF-8, that also indicates
> a potential inefficiency. Web servers don't need to do any
> UTF-8 decoding, but it's very easy to do it accidentally in D.
I'm doing some validations on data because that data is parsed
and stored for serverino's users :)
The UTF problem is actually a catched UTFException thrown by
urlencode/decode of std library.
And I'm trying to keep it a bit safe for user, let's say. I don't
think any browser will send an invalid utf sequence as url, it
sounds like you're trying to make some attack and I give you back
a 400 bad request error.
It's not the only check I'm doing anyway.
I'm trying to understand what's wrong with mojibake, still not
sure it is a bug :)
Andrea
More information about the Digitalmars-d
mailing list