#401 new
seph

webrat doesn't handle form fields with an equals sign ('=')

Reported by seph | December 29th, 2010 @ 11:19 PM

If I have a form field prefilled with an equal sign, webrat appears to truncate at it on form submission.

http://www.directionless.org/webrat-test.pl is a test form that prefills various things, and tells you how things are returned. mechanize works, but webrat truncates at the equal signs. https://gist.github.com/759441 is example.

Comments and changes to this ticket

  • seph

    seph January 3rd, 2011 @ 05:57 PM

    I found the problem. Webrat::Form's self.query_string_to_params splits the query string on the equal signs, and takes the first and the last element. Since you're not escaping for mechanize, this means everything in between gets lost.

    I see two ways to fix this. You could escape the params, and then unescape them before submission (thus protecting the = signs, and anything else). Or you could tell split to only find 2 elements.

    I've attached patches for either. I don't understand all the tradeoffs of the escaping, so I'm just limiting the split.

  • seph

    seph January 3rd, 2011 @ 06:00 PM

    • no changes were found...
  • seph
  • Nick

    Nick March 17th, 2011 @ 06:47 AM

    I ran into this bug. I was testing the behaviour of a SAML login, which includes some Base64-encoded XML. If the Base64 chunk ended in an equals sign (which it often does), it would get stripped off, removing the last couple of characters of the XML.

    Seph's patch did the job, though there's a more concise way to turn it into a Hash:

    query_string.split('&').map {|query| Hash[*query.split('=',2)] }
    

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Ruby Acceptance Testing for Web applications.

Shared Ticket Bins

People watching this ticket

Attachments

Pages