Working on a web server I've realized that neither hyper nor serde_qs has an option for a maximum query string length.
It would be nice to add such an additional option to the Config of serde_qs rather than implementing custom validation for each place that uses serde_qs to deserialize query strings.
What is your opinion on this?
That sounds like a mostly reasonable idea. For example, we already support having a "depth" limit, which controls how deeply we'll attempt to construct maps.
Out of curiosity, what's the use case? I could maybe see that as a simple protection against denial of service attacks (I'm imagining someone submitting q[][][][][][][]....<many many more>[][][][][]=1, for example).
On the other hand, this feels like it would be growing the scope of serde_qs beyond what I'd reasonably want to support. I think it would be easier to write that as a middleware in whatever web framework you are using.
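The pre-parse length check discussed in this thread, sketched as an added example (not code from serde_qs, hyper, or either participant). `QueryLimits`, `Rejection`, `query_of`, `check` and `guarded` are hypothetical names, the limit values are arbitrary, and only the standard library is used; the closure is where the real deserializer call would go.

```rust
/// Limits checked on the raw, still percent-encoded query string.
#[derive(Clone, Copy)]
pub struct QueryLimits {
    pub max_len: usize,   // bytes
    pub max_pairs: usize, // non-empty `&`-separated segments
}

#[derive(Debug, PartialEq)]
pub enum Rejection {
    TooLong { len: usize, max: usize },
    TooManyPairs { max: usize },
}

impl Rejection {
    /// Status code a middleware could answer with.
    pub fn status(&self) -> u16 {
        match self {
            Rejection::TooLong { .. } => 414, // URI Too Long
            Rejection::TooManyPairs { .. } => 400,
        }
    }
}

/// Query part of a request target such as "/search?a=1", or "" if absent.
pub fn query_of(target: &str) -> &str {
    target.split_once('?').map_or("", |(_, q)| q)
}

pub fn check(query: &str, limits: QueryLimits) -> Result<(), Rejection> {
    if query.len() > limits.max_len {
        return Err(Rejection::TooLong { len: query.len(), max: limits.max_len });
    }
    let pairs = query.split('&').filter(|p| !p.is_empty()).count();
    if pairs > limits.max_pairs {
        return Err(Rejection::TooManyPairs { max: limits.max_pairs });
    }
    Ok(())
}

/// Runs `parse` (for example a call to `serde_qs::from_str`) only when the limits hold.
pub fn guarded<T>(target: &str, limits: QueryLimits, parse: impl FnOnce(&str) -> T) -> Result<T, Rejection> {
    let query = query_of(target);
    check(query, limits)?;
    Ok(parse(query))
}

fn main() {
    let limits = QueryLimits { max_len: 64, max_pairs: 8 };
    // Constructed input: the nested-bracket shape mentioned in the thread.
    let hostile = format!("/search?q{}=1", "[]".repeat(100));
    println!("{:?}", guarded(&hostile, limits, |q| q.len()));
    println!("{:?}", guarded("/search?a=1&b=2", limits, |q| q.len()));
}
```

Checking the length before any decoding keeps the rejection path cheap, and placing the guard in one middleware layer avoids repeating the validation at every call site that deserializes a query string.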