Escaped Commas cannot be used in a filter string #444
Comments
|
🤔 I'm not sure that we should distinguish between encoded and non encoded commas (or even if we can—if i remember correctly, it's already decoded when we get it). This behavior comes from the JSON:API recommendations on filtering: https://jsonapi.org/recommendations/#filtering/ But, maybe we should add a flag to opt out of comma separated value parsing. Would that work for your needs? And if so, would you use it app-wide or on a per resource basis? |
|
I was hoping to use comma separated value parsing as well, actually. I noticed that the url was decoded already by the time the query parsing happened, but I don't know why that is. Couldn't we get the unescaped string directly from the request in the controller, and then split the query parameters, and then decode the query parameters? |
|
I don't think the jsonapi spec specifically says anything about what you should/shouldn't be able to filter on. if i wanted to filter on multiple things with commas in their names, my url should look like the following: i think this is related/under the hood nearly the same issue as the one i opened a bit ago: #408 |
|
I think that's an accurate assessment. What we'll need to figure out is how to get the raw url encoded values since it looks like AspNetCore already decodes them when deserializing to |
|
Yeah, @mary-gao seems to have found that the controllers do have access to the literal query string, but as far as it being the right solution to write jsonapi's own parser, i'm not sure about that one. feels like something someone in the past would have run into and there might already be an elegant solution out there! |
|
In order to implement this, we will need to use
It would be a lot better if we could hijack the parsing work so it only happens once and leaves the values percent encoded. I did some quick looking but haven't found where the |
|
Alternatively, what about just using a CSV-type parser and surrounding filter values containing commas with quotes. CsvHelper and TinyCsvParser are the two that jumped out pretty quickly when searching. |
|
I don't think we need to bring a dependency in for this. Parsing is not difficult and I don't think it should be specific to %2C. I just didn't want to do extra work on each request if we didn't need to. I think to avoid a breaking change and unexpected behavior for existing users we can:
public interface IQueryParamParser {
QueryCollection GetParsedQueryParams();
}
public class DefaultQueryParamParser : IQueryParamParser {
private readonly HttpContext _httpContext
public DefaultQueryParamParser(IHttpContextAccessor httpContextAccessor) {
_httpContext = httpContextAccessor.HttpContext;
}
public QueryCollection GetParsedQueryParams() => _httpContext.Request.Query;
}
// better name desired...
public class RawValueQueryParamParser : IQueryParamParser { /* TBD */ }
services.AddJsonApi(options => {
options.QueryParsingStrategy = QueryParsingStrategy.KeepRawValues;
});
services.AddScoped<RawValueQueryParamParser, DefaultQueryParamParser>();In a future major release we might make this the default behavior. I suspect it will be necessary to address #408. |
Description
It's not possible right now to search for items using a comma in the filter string. So, when I GET
I don't get the entries that I expect (all the entities with a name that contains a comma).
It looks like this is because we split the filter string on the comma after it has already been decoded, so we do not distinguish between "?filter[name]=a%2Cc" and "?filter[name]=a,c".
Environment
The text was updated successfully, but these errors were encountered: