RequestFactory: remove or improve binary mode #34
Comments
|
My only contribution to this discussion would be stating that I've never needed to allow binary on RequestFactory, which is by itself not an argument for removing it :) I really have no idea what is it good for. Now that I think about it, I usually transfer binary data using Ideal would be to find somebody who is using it. |
|
Binary mode is not intended for transfering single parameter, it makes RequestFactory able to work with non-utf8 encodings. |
|
I didn't know that, the name is confusing. What are the real-word use cases when you would enable binary mode? When designing an API for somebody who is not enable to send you UTF-8? |
|
Real-world use case is each web with non-utf8 encoding. |
|
@dg What was there reason to remove support for other encodings. Binary only seems bit unsafe (everyone has to count with it while working with presenters and so on). |
|
Nette supports only utf-8 since 2.0. It doesn't prevent when you want to use other encoding, but either doesn't help you. |
|
I'm wondering if there is a single Nette application that uses non-utf-8 encoding. Because for example you cannot use Latte with non-utf-8 encoding. There is not a single @dg What is your decision – can I remove the binary mode entirely or do you think we should keep it and close therefore this issue? |
|
I think it can be removed in next big version, but now it is unnecessary BC break. |
|
Ok, closing for now. I'll put it on my list of things to do in Nette 3. |
|
Why closing? |
|
Because it's won't fix for know because you have not yet opened a branch that can accept this change. |
Current implementation of binary mode (
RequestFactory::setBinary()) is stupid and encourages insecure behavior, because I usually want to transfer only a single parameter in binary. To achieve that user should not disable UTF-8 validation on all input parameters.We should either
Currently I'm in favor of the first option for the following reasons:
$_GET['binaryData']or$_POST['binaryData']– its ugly but practicalRequstFactorywhich would allow specifying that certain parameters should be treated as binary.Thoughts? cc @dg, @fprochazka
Note: If we choose the remove the binary mode entirely with the vision that users may implement custom wrapper around
RequestFactorywe may no longer throw exception (see #30 for related discussion) for invalid parameters.The text was updated successfully, but these errors were encountered: