Remove '\u0000' from input when sanitizing null input #89
Conversation
|
There's a lot of unrelated formatting chances so I won't reviewing the PR. |
|
@whitequark Aside from the formatting changes, do you have an issue with this change? Would like to use this gem for sanitizing but we also need to sanitize \u0000, and happy to put up a PR without needless style changes |
|
I haven't reviewed it due to the formatting changes. I haven't even used Ruby in almost a decade and I don't want to waste my time looking at a PR like this one. |
It's OK, but maybe you should assign a new maintainer for this repo. If you're not sure who — open an issue for this. |
|
I'm aware of my options. |
such
force-pushed
the
am/null-byte-string
branch
from
20d0065 to
7042887
Compare
|
@whitequark / @AlexWayfer - the PR has been updated to remove unnecesarry formatting changes. Can we get a review please? |
| @@ -8,6 +8,7 @@ module Rack | |||
| class UTF8Sanitizer | |||
| StringIO = ::StringIO | |||
| NULL_BYTE_REGEX = /\x00/.freeze | |||
| NULL_BYTE_STRING_REGEX = Regexp.new('\\\u0000').freeze | |||
There was a problem hiding this comment.
I'm quite confused about this PR. Isn't \\\u0000 matching normal text that also happens to be a Ruby string escape sequence? There shouldn't be any reason to remove it from the input unless you're doing something rather strange with the string.
What problem does this actually solve?
There was a problem hiding this comment.
even though it's indeed normal text connection.escape(s) fails with PG when a string contains this.
even if it was optional as well? |
|
This has nothing to do with invalid UTF-8, so yes. |
No description provided.