[tahoe-dev] eating my own dog food -- Zooko's hlog
Terrell Russell
terrellrussell at gmail.com
Wed Jul 30 16:17:53 UTC 2008
zooko wrote:
> Brian:
>
> Any objection to Tahoe stripping out linefeeds and whitespace, per
> Drew's suggestion?
>
Seems like there's potential for an attack if Tahoe proper is to be
rewriting submitted caps (spaces are delimiters on the CLI, etc). Is
there any cleaning that already happens? Or is the submitted cap taken
as-is, in the current code?
Perhaps only the WUI should have this behavior?
I suggest only having the WUI try to intelligently redisplay a cap-page
if a '404' has been hit and the 'cleaned' version is different from the
original.
if 200
display page
elseif 404
clean the cap (remove whitespace and linefeeds)
check cleaned cap against original
if different
attempt display of cleaned-cap page
else
display 404
end
else
other statuses...
end
Terrell
More information about the tahoe-dev
mailing list