Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #12066
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!nx01.iad01.newshosting.com!newshosting.com!news2.euro.net!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <rosuav@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.012 |
| X-Spam-Evidence | '*H*': 0.98; '*S*': 0.00; 'unrecognized': 0.07; 'throw': 0.09; 'variables,': 0.09; '4:39': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'subject:() ': 0.16; 'subject:Filter': 0.16; 'mon,': 0.16; 'wrote:': 0.16; 'header:In-Reply-To:1': 0.22; 'systems.': 0.23; 'pm,': 0.24; 'aug': 0.24; 'ignore': 0.26; 'fine': 0.26; 'bit': 0.28; 'server': 0.29; 'message-id:@mail.gmail.com': 0.29; "won't": 0.29; 'script': 0.29; '22,': 0.30; 'integration': 0.31; 'error.': 0.32; 'there': 0.33; 'to:addr:python-list': 0.33; 'data.': 0.36; 'convenient': 0.37; 'http': 0.37; 'query': 0.37; 'but': 0.37; 'received:google.com': 0.38; 'received:209.85': 0.38; 'should': 0.38; 'subject:: ': 0.39; 'skip:\xa0 10': 0.39; 'to:addr:python.org': 0.39; "i'd": 0.40; "it's": 0.40; 'browser': 0.61; 'back': 0.62 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=2ojiHdMtQPHiPp/LiyFOL1pYAvki0k5bSf2GLzCNods=; b=AXOnsqMmnoJk/TvYa3JCuqgvIDn4cGaWygF33yzGpe3Hf3oSaJqC4wtWV5khXsDf3t 6SCfry0ypjWPELZwP3Ph/cZadJWxhLmXjX8Tc1ZhB+hFLNOoSojB4/k4FZ2kd+AXeS1S wfz+51ai8dlI0n1o/R8o65k1DlTZRZ4ZMC7hU= |
| MIME-Version | 1.0 |
| In-Reply-To | <61cd88fa-1820-4667-9c01-11fc1b8b574f@glegroupsg2000goo.googlegroups.com> |
| References | <d71c3602-24e6-40f7-a98d-37d21ba22980@k3g2000vbz.googlegroups.com> <61cd88fa-1820-4667-9c01-11fc1b8b574f@glegroupsg2000goo.googlegroups.com> |
| Date | Tue, 23 Aug 2011 09:24:39 +0100 |
| Subject | Re: CGI input: Filter dict.update() unwanted variables |
| From | Chris Angelico <rosuav@gmail.com> |
| To | python-list@python.org |
| Content-Type | text/plain; charset=ISO-8859-1 |
| Content-Transfer-Encoding | quoted-printable |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.12 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.339.1314087882.27778.python-list@python.org> (permalink) |
| Lines | 16 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1314087882 news.xs4all.nl 23886 [2001:888:2000:d::a6]:60493 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.python:12066 |
Show key headers only | View raw
On Mon, Aug 22, 2011 at 4:39 PM, Miki Tebeka <miki.tebeka@gmail.com> wrote:
> You can check if there is a "non-allowed variable" and then return HTTP error.
> if set(form) - set(allowedVariables):
> print('Status: 406\n\n')
> raise SystemExit()
>
I'd be disinclined to do this; ignore unrecognized query variables,
but don't throw back an error. Sometimes it's convenient to let the
browser send a "junk header" that the server will ignore - helps with
integration with other systems. As long as you can be sure that the
script won't do the wrong thing, it should be fine to have an extra
bit of GET/POST data.
ChrisA
Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread
CGI input: Filter dict.update() unwanted variables Gnarlodious <gnarlodious@gmail.com> - 2011-08-22 08:28 -0700
Re: CGI input: Filter dict.update() unwanted variables Miki Tebeka <miki.tebeka@gmail.com> - 2011-08-22 08:39 -0700
Re: CGI input: Filter dict.update() unwanted variables Gnarlodious <gnarlodious@gmail.com> - 2011-08-22 21:12 -0700
Re: CGI input: Filter dict.update() unwanted variables Chris Angelico <rosuav@gmail.com> - 2011-08-23 09:24 +0100
csiph-web