Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #12066
| References | <d71c3602-24e6-40f7-a98d-37d21ba22980@k3g2000vbz.googlegroups.com> <61cd88fa-1820-4667-9c01-11fc1b8b574f@glegroupsg2000goo.googlegroups.com> |
|---|---|
| Date | 2011-08-23 09:24 +0100 |
| Subject | Re: CGI input: Filter dict.update() unwanted variables |
| From | Chris Angelico <rosuav@gmail.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.339.1314087882.27778.python-list@python.org> (permalink) |
On Mon, Aug 22, 2011 at 4:39 PM, Miki Tebeka <miki.tebeka@gmail.com> wrote:
> You can check if there is a "non-allowed variable" and then return HTTP error.
> if set(form) - set(allowedVariables):
> print('Status: 406\n\n')
> raise SystemExit()
>
I'd be disinclined to do this; ignore unrecognized query variables,
but don't throw back an error. Sometimes it's convenient to let the
browser send a "junk header" that the server will ignore - helps with
integration with other systems. As long as you can be sure that the
script won't do the wrong thing, it should be fine to have an extra
bit of GET/POST data.
ChrisA
Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread
CGI input: Filter dict.update() unwanted variables Gnarlodious <gnarlodious@gmail.com> - 2011-08-22 08:28 -0700
Re: CGI input: Filter dict.update() unwanted variables Miki Tebeka <miki.tebeka@gmail.com> - 2011-08-22 08:39 -0700
Re: CGI input: Filter dict.update() unwanted variables Gnarlodious <gnarlodious@gmail.com> - 2011-08-22 21:12 -0700
Re: CGI input: Filter dict.update() unwanted variables Chris Angelico <rosuav@gmail.com> - 2011-08-23 09:24 +0100
csiph-web