Clever Geek Handbook

The parameter raises the error "does not display Unicode" in Catalyst

The error is shown below:

catalyst.pl Hello
cd Hello
echo "encoding utf8" >> hello.conf
script/hello_server.pl -r

Then go to http://localhost:3000/?q=P%E9rl

in your browser and you will get 400 Bad Request

.

It seems to be the Catalyst method _handle_param_unicode_decoding()

that is generating this error. Considering this error is trivial to generate, it shows up in the error logs and Google was unable to fix this error for me. I cannot prevent users from entering query strings like this. How can I get around this?

+3


source to share


2 answers


URLs are expected to be encoded using UTF-8. RFC3986:

When the new URI scheme defines a component that represents textual data composed of universal character set characters, the data must first be encoded as octets according to the UTF-8 character encoding; then only those octets that do not match the characters in the unreserved set shall be percent encoded.

P E9 r l

invalid UTF-8.



I believe you went for Pérl

(é U + 00E9)? It will be

$ perl -Mutf8 -MURI::Escape -E'say uri_escape_utf8("Pérl")'
P%C3%A9rl

400 Bad Request

is a good mistake to provide a bad url. If the user does not want to see this error, they must use a valid URL. You can override the default Catalyst error handling behavior (for example, to provide a more accurate error page) with handle_unicode_encoding_exception()

.

+3


source


Thus, Catalyst.pm has a method that you can change in your subclass (Hello.pm in the example above) that defines what the errors look like. If you want to surprise these errors, you can do so. Take a look at:

https://metacpan.org/source/JJNAPIORK/Catalyst-Runtime-5.90077/lib/Catalyst.pm#L3108

you can override this method if you like.



Alternatively, if you have a suggestion to change the code or any configuration option, you can detach the Catalyst gigub repository and send me a pull request with your ideas:

https://github.com/perl-catalyst/catalyst-runtime

These methods are currently considered private, but I am considering them fully.

+1


source






More articles:


All Articles