Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

RFC: Where to patch to enforce maxlength in Mech?

by davidrw (Prior)
on Jan 08, 2008 at 13:50 UTC ( #661086=perlmeditation: print w/ replies, xml ) Need Help??

This is spawned from looking into problem loggin into pm .. It appears that the problem there was that a field value was too long -- the browser respects the http attribute maxlength=8, and so truncates the value before posting. But when trying to submit the form directly w/WWW::Mechanize, it doesn't know to truncate, and sends the full string, and authentication must fail because server compares against the 8-character password.

So i started poking at WWW::Mechanize and HTML::Form to see where logic could be added to truncate values if the input field has a maxlength, and came up w/two potential spots:

(A) In HTML::Form::TextInput::value() (it's defined in HTML/Form.pm), change $self->{value} = shift; to:
my $v = shift; my $n = exists $self->{maxlength} ? $self->{maxlength} : undef; $self->{value} = $n ? substr($v,0,$n) : $v;

(B) In WWW/Mechanize.pm, add logic in the field() and set_fields() methods to do the same thing, where $n = $form->find_input(...)->{maxlength}. Would have to do something to the $form->value($name => $value); calls, too.

While (B) limits it to this specific case, it's a much messier implementation, and breaks encapsulation.

Thoughts/comments?
(A) vs (B)?
Or (C) of neither, and user constructing the post should know the limits/restrictions?
Also, should (probably yes?) either solution be conditional on some option/config setting so as to leave default behavior alone?

Comment on RFC: Where to patch to enforce maxlength in Mech?
Select or Download Code
Re: RFC: Where to patch to enforce maxlength in Mech?
by Fletch (Chancellor) on Jan 08, 2008 at 16:03 UTC

    I'd go for making it optional and/or easily turned off as I could see applications where one would want to be able to misbehave (e.g. penetration testing, sending intentionally malformed/oversized input to check that the receiver is well behaved)

    The cake is a lie.
    The cake is a lie.
    The cake is a lie.

Re: RFC: Where to patch to enforce maxlength in Mech?
by perrin (Chancellor) on Jan 08, 2008 at 16:34 UTC
    It belongs in HTML::Form, where the enforcement of hidden fields is. However, it must be optional. The hacky way of turning off the hidden field behavior of HTML::Form is the most irritating thing about Mechanize.
      I thought about it some more and just went w/a patch that adds a warning. That would help at least identify times when this is quietly causing a problem (like the post that started this) and is a nice easy, straight-forward, non-intrusive patch. Patch: http://rt.cpan.org//Ticket/Display.html?id=32239

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlmeditation [id://661086]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (12)
As of 2014-10-23 18:31 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (126 votes), past polls