Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"

RFC: Where to patch to enforce maxlength in Mech?

by davidrw (Prior)
on Jan 08, 2008 at 13:50 UTC ( #661086=perlmeditation: print w/replies, xml ) Need Help??

This is spawned from looking into problem loggin into pm .. It appears that the problem there was that a field value was too long -- the browser respects the http attribute maxlength=8, and so truncates the value before posting. But when trying to submit the form directly w/WWW::Mechanize, it doesn't know to truncate, and sends the full string, and authentication must fail because server compares against the 8-character password.

So i started poking at WWW::Mechanize and HTML::Form to see where logic could be added to truncate values if the input field has a maxlength, and came up w/two potential spots:

(A) In HTML::Form::TextInput::value() (it's defined in HTML/, change $self->{value} = shift; to:
my $v = shift; my $n = exists $self->{maxlength} ? $self->{maxlength} : undef; $self->{value} = $n ? substr($v,0,$n) : $v;

(B) In WWW/, add logic in the field() and set_fields() methods to do the same thing, where $n = $form->find_input(...)->{maxlength}. Would have to do something to the $form->value($name => $value); calls, too.

While (B) limits it to this specific case, it's a much messier implementation, and breaks encapsulation.

(A) vs (B)?
Or (C) of neither, and user constructing the post should know the limits/restrictions?
Also, should (probably yes?) either solution be conditional on some option/config setting so as to leave default behavior alone?

Replies are listed 'Best First'.
Re: RFC: Where to patch to enforce maxlength in Mech?
by Fletch (Chancellor) on Jan 08, 2008 at 16:03 UTC

    I'd go for making it optional and/or easily turned off as I could see applications where one would want to be able to misbehave (e.g. penetration testing, sending intentionally malformed/oversized input to check that the receiver is well behaved)

    The cake is a lie.
    The cake is a lie.
    The cake is a lie.

Re: RFC: Where to patch to enforce maxlength in Mech?
by perrin (Chancellor) on Jan 08, 2008 at 16:34 UTC
    It belongs in HTML::Form, where the enforcement of hidden fields is. However, it must be optional. The hacky way of turning off the hidden field behavior of HTML::Form is the most irritating thing about Mechanize.
      I thought about it some more and just went w/a patch that adds a warning. That would help at least identify times when this is quietly causing a problem (like the post that started this) and is a nice easy, straight-forward, non-intrusive patch. Patch:

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlmeditation [id://661086]
Approved by Corion
[Corion]: ambrus: No, you're misunderstanding. If you place content too far on the left/right/top/ bottom, people might not see it because the view is obstructed ;)(
[Corion]: In Amsterdam, the screen went down to the bottom of the stage (60cm above ground) and the seating was on the ground, meaning that the rows in the back couldn't see the bottom of slides.
[Corion]: There also were some columns that meant that maybe you couldn't see the left/right edge of a slide.
[ambrus]: Corion: Sure. I've had a course in a 50 seat lecture hall that has two fucking columns in the middle.
[Corion]: Talking about it, the top should be fairly visible in the situations I've experienced at least. The top is uncomfortable for people in the first three rows, but that's life ;)
[ambrus]: The pillars are there because this is in the 6th floor of building R of BME, which is an attic that was built in after the original building, which is also why the elevator doesn't go that high and the windows are tiny.
[Corion]: ambrus: Hehe ;) Yeah - such real life stuff is far more inconveniencing than wasting display area due to screen ratio problems :)
[ambrus]: Corion: yes, it's a bit tricky. you can try to adjust the slides live to cover only a part of the screen, but it's still hard.
[ambrus]: Corion: two very hard things about presentations I should try to work on if I have twenty times as much free time as in real life are:
[Corion]: That's why I like HTML - it makes it relatively easy to resize stuff. Resizing with Powerpoint is much harder, or at least, I remember it being that way

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (12)
As of 2017-09-26 10:14 GMT
Find Nodes?
    Voting Booth?
    During the recent solar eclipse, I:

    Results (293 votes). Check out past polls.