On Thu, Jan 19, 2017 at 4:01 PM, Gergo Tisza <gtisza(a)wikimedia.org> wrote:
On Thu, Jan 19, 2017 at 7:25 AM, Brad Jorsch (Anomie)
<
bjorsch(a)wikimedia.org> wrote:
Because backslash is the escape character in JSON
strings, and so needs
to be escaped to represent an actual backslash. If your JSON decoder is not
properly transforming that token into a native string ending with a single
backslash then your JSON decoder is fundamentally broken and should
probably be replaced.
I wonder if it would be worth for the API to issue a more specific warning
when a token has been submitted but it does not have the format that tokens
normally do. Something like "you submitted the token abc1234 \ but you
were expected to submit the token abc1234+\ which in the raw request
should look like abc1234%2B%5C" might make it easier for people to figure
out on their own what they are doing wrong.
OTOH, every check of this sort we add is more code complexity. And I note
if you're using multipart/form-data, it shouldn't look like
"abc1234%2B%5C".
--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation