
RFC: Where to patch to enforce maxlength in Mech?

by davidrw (Prior)
on Jan 08, 2008 at 13:50 UTC ( #661086=perlmeditation )

This is spawned from looking into problem logging into pm. It appears that the problem there was that a field value was too long -- the browser respects the http attribute maxlength=8, and so truncates the value before posting. But when trying to submit the form directly w/WWW::Mechanize, it doesn't know to truncate, and sends the full string, and authentication must fail because the server compares against the 8-character password.

So I started poking at WWW::Mechanize and HTML::Form to see where logic could be added to truncate values if the input field has a maxlength, and came up w/two potential spots:

(A) In HTML::Form::TextInput::value() (it's defined in HTML/, change $self->{value} = shift; to:
    my $v = shift;
    my $n = exists $self->{maxlength} ? $self->{maxlength} : undef;
    $self->{value} = $n ? substr($v,0,$n) : $v;

(B) In WWW/, add logic in the field() and set_fields() methods to do the same thing, where $n = $form->find_input(...)->{maxlength}. Would have to do something to the $form->value($name => $value); calls, too.

While (B) limits it to this specific case, it's a much messier implementation, and breaks encapsulation.

(A) vs (B)?
Or (C) of neither, and user constructing the post should know the limits/restrictions?
Also, should (probably yes?) either solution be conditional on some option/config setting so as to leave default behavior alone?
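
Added example (not code from this thread, and not part of WWW::Mechanize or HTML::Form): a pre-submit check for the mismatch described above, listing the fields whose value is longer than the form's maxlength and the length a browser would have truncated to. The form markup, field names and values are constructed, and reading maxlength straight from the input object's hash is the same assumption proposal (A) makes.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Form;

# Constructed sample login form (not the real PerlMonks markup).
my $html = <<'HTML';
<form action="http://example.test/login" method="post">
  <input type="text"     name="user"   maxlength="20">
  <input type="password" name="passwd" maxlength="8">
  <input type="submit"   name="login"  value="Login">
</form>
HTML

# Return one record per text/password field whose proposed value is longer
# than the maxlength declared in the form. Nothing is truncated here: the
# caller decides whether to warn, truncate, or send the value unchanged.
sub over_maxlength {
    my ($form, %values) = @_;
    my @found;
    for my $name (sort keys %values) {
        my $input = $form->find_input($name) or next;
        next unless $input->type =~ /^(?:text|password)$/;
        my $max = $input->{maxlength};      # assumption: attribute kept in the object hash
        next unless defined $max && $max =~ /^\d+$/;
        my $value = $values{$name};
        next unless defined $value && length($value) > $max;
        push @found, {
            name         => $name,
            max          => $max,
            length       => length($value),
            browser_sent => length(substr($value, 0, $max)),
        };
    }
    return @found;
}

my ($form) = HTML::Form->parse($html, 'http://example.test/');
my %values = (user => 'davidrw', passwd => 'correcthorse');   # constructed values

# Report lengths only, so a password never ends up in the log.
for my $f (over_maxlength($form, %values)) {
    warn sprintf "field '%s': %d chars exceeds maxlength=%d; "
               . "a browser would have posted %d chars\n",
               @{$f}{qw(name length max browser_sent)};
}
```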

Re: RFC: Where to patch to enforce maxlength in Mech?
by Fletch (Chancellor) on Jan 08, 2008 at 16:03 UTC

    I'd go for making it optional and/or easily turned off as I could see applications where one would want to be able to misbehave (e.g. penetration testing, sending intentionally malformed/oversized input to check that the receiver is well behaved)

    The cake is a lie.
    The cake is a lie.
    The cake is a lie.

Re: RFC: Where to patch to enforce maxlength in Mech?
by perrin (Chancellor) on Jan 08, 2008 at 16:34 UTC
    It belongs in HTML::Form, where the enforcement of hidden fields is. However, it must be optional. The hacky way of turning off the hidden field behavior of HTML::Form is the most irritating thing about Mechanize.
      I thought about it some more and just went w/a patch that adds a warning. That would help at least identify times when this is quietly causing a problem (like the post that started this) and is a nice easy, straight-forward, non-intrusive patch. Patch:
