Comments (5)
Hi! This has, of course, been brought up many times :) Currently the answer is you'll never be able to set options in urlencoded
that do not apply to both extended and non-extended parsers (depth would not apply to the non-extended version). The option to use qs
module is called "extended" instead of "parser: qs" because it is not meant to show any detail of the parser module used in the end (and, in fact, this saved us in being able to upgrade the qs parser for a security fix without requiring a major version bump in this module).
Version 2.0 of the module will, however, allow you to use whatever parsing function you desire, which would mean you could make your own custom parsing function that uses qs
with whatever option (like depth) you wanted without support from this module needing to be built-in.
For now, I'm going to close the issue, as the direct request will never be added here, but in 2.0 you'll have an indirect solution, unlike the current version.
from body-parser.
Oh, and of course if you're wondering, until 2.0, the current work-around would be to think about why you are even providing such a deep structure as urlencoded and not as JSON and perhaps simply use JSON (which will parse your structure > 50x faster), you can use the urlencoded({ extended: false })
and then pass req.body
through qs
yourself to expand it with your custom depth, or you can use a module like raw-body
to capture the body and run that through qs
.
from body-parser.
The 2.0 approach sounds good. Arbitrary parse functions will be useful and give access to the underlying parser at the level we would need to fix this deep-nesting issue.
Sorry for the dup, I must have searched incorrectly for previous issues. This is a pretty opaque gotcha with the qs module, you might want to make it an example for new users. And yep, we solved this by switching to application/json - but I felt to be responsible I should report what I found :)
from body-parser.
Sorry for the dup, I must have searched incorrectly for previous issues.
It's no problem--I have done the same thing myself in other projects, so it's certainly fine :)
This is a pretty opaque gotcha with the qs module
Yea, it is. I believe it came about because it was too easy to make a really deep structure without much effort from the client, but, I mean, you can do that with JSON, so I'm not sure what the real benefit of making the default low is, other than perhaps nudging people to say they may really want to be using JSON ;) I may even decide to up that limit with this module (I have some other qs
limit turned higher in this module already).
you might want to make it an example for new users.
This is true, though it's hard to really give them an example until the module supports it :) I may certainly write it down as an example of using the newer "custom parse functionality" stuff, though.
but I felt to be responsible I should report what I found :)
Once again, it's no problem :)
from body-parser.
Version 1.11.0 doesn't allow you to set the depth, but there is no longer a limit, so it's not necessary to control the value.
from body-parser.
Related Issues (20)
- bodyParser is deprecated HOT 24
- 'bodyParser' function is deprecated in index.d.ts file HOT 1
- HTTP:413 Request Entity Too Large HOT 5
- Conform with express-validator on parameter representation
- bodyParser is deprecated, error HOT 1
- bodyparser.json() shown as deprecated? (question) HOT 7
- pass options to qs thru urlencoded? HOT 4
- Cannot catch SyntaxError when user provides invalid JSON in body and content-type: application/json HOT 3
- Support for content-encoding: deflate raw HOT 7
- req.body could not be accessed when send as form data, but works fine with JSON HOT 3
- Pass custom parameters to `qs` HOT 3
- Update iconv-lite to latest 0.6.3 HOT 7
- support for ndjson
- Regular Expression Denial of Service (ReDoS) in [email protected] HOT 3
- Update `debug` dependency (memory leak leading to vulnerability) HOT 1
- api calls made with invalid json HOT 5
- Add support for removing body parser limit HOT 8
- BadRequestError: request size did not match content length HOT 7
- How to handle content-type mismatch? HOT 1
- CVE-2017-20165 - debug HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from body-parser.