The change I made is in the gui-pkg-manager repo (well there may be one more word in the name).
Yes, it does just strip. I didn't see any code that was doing what you describe but I also didn't look for it! Robby On Tue, Sep 15, 2020 at 8:39 AM John Clements <cleme...@brinckerhoff.org> wrote: > I have a question about the new behavior. > > > > (ObResearch: actually, I checked the drracket, racket, and gui repos, and > I couldn’t find any new push, so I couldn’t check the code myself.) > > > > Does it simply strip newlines, as Jack suggested, or does it signal an > error? The latter seems less likely to silently cause weird problems / > vulnerabilities / etc. > > > > Also, I notice that the (current) behavior changes when there’s a branch > specified explicitly; it seems that in this case, the URL parser happily > splits at the hash and dumps the rest (including newlines) into the > “branch” without any message about invalid characters. That might be an > error in our URL parsing… or maybe URLs are allowed to have newlines in > that part? That would be strange. Either way, I suspect that that bug (if > it’s a bug) will be hidden by this fix. > > > > Finally, a million thanks for fixing this; I always have students (and it > happened again yesterday!) that run into this. > > > > John > > > > > > > > > On Sep 15, 2020, at 07:38, Robby Findler <ro...@cs.northwestern.edu> > wrote: > > > > > > I just worry about backwards compatibility. There are probably places > that already do something about this problem woutside of the control-- how > will they interact? > > > > > > Maybe if someone were to audit existing code on the pkg server then we > would know that changing the behavior in a certain way would work out. > > > > > > Robby > > > > > > > > > On Tue, Sep 15, 2020 at 12:46 AM Sorawee Porncharoenwase < > sorawee.pw...@gmail.com> wrote: > > > Can you explain why you are not sure? Under what circumstances do you > think the current 'single style behavior is useful? > > > > > > We can add 'single-no-return (though I dislike it because 'single means > no return already!) and change existing places that use 'single. However, > without switching the default style from 'single to 'single-no-return, > people will make mistakes again in the future. But if we will change the > default style to 'single-no-return too, why don't we simply directly change > the behavior 'single? > > > > > > On Sun, Sep 13, 2020 at 1:36 PM Robby Findler <ro...@cs.northwestern.edu> > wrote: > > > I'm not sure. I would probably add a 'single-no-return style and then > grep the codebase for places that use 'single and change them (as > appropriate). > > > > > > Robby > > > > > > > > > On Sun, Sep 13, 2020 at 3:15 PM Sorawee Porncharoenwase < > sorawee.pw...@gmail.com> wrote: > > > I meant, wouldn’t it be better to fix text-field% itself, instead of > only some instances of it? Sorry if that was confusing. > > > > > > > > > > > > > > > On Sun, Sep 13, 2020 at 1:12 PM Sorawee Porncharoenwase < > sorawee.pw...@gmail.com> wrote: > > > Should the fix apply to all 'single styled text-field% too? > > > > > > > > > > > > > > > On Sun, Sep 13, 2020 at 7:50 AM Robby Findler <ro...@cs.northwestern.edu> > wrote: > > > Yea, I agree. I'd made that change locally but hadn't pushed because I > couldn't make the bad behavior happen reliably. Perhaps that lack shouldn't > stop us! Pushed now. > > > > > > Robby > > > > > > > > > On Sat, Sep 12, 2020 at 11:15 PM jackh...@gmail.com < > jackhfi...@gmail.com> wrote: > > > Could we make the "do what I mean" box just automatically strip any > newlines pasted into it? It seems sensible to me to require that it only be > a single line input. > > > > > > On Friday, September 11, 2020 at 6:22:59 AM UTC-7 hen...@topoi.pooq.com > wrote: > > > On Thu, Sep 10, 2020 at 10:27:39AM -0400, George Neuner wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On 9/10/2020 10:06 AM, Philip McGrath wrote: > > > > > > > > > > > Also, this is happening over encrypted HTTPS: no one is sniffing the > > > > > > > > > > > User-Agent header. > > > > > > > > > > > > > > > > > > > > While it may not be the issue here, you need to understand that > appliance > > > > > > > > > > firewalls CAN and routinely DO examine data inside encrypted > connections. > > > > > > > > > > > > > > > > > > Using man-in-the-middle attacks? > > > > > > > > > > > > > > > > > > -- hendrik > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > You received this message because you are subscribed to the Google > Groups "Racket Users" group. > > > > > > > > > To unsubscribe from this group and stop receiving emails from it, send > an email to racket-users+unsubscr...@googlegroups.com. > > > > > > > > > To view this discussion on the web visit > https://groups.google.com/d/msgid/racket-users/84b16cf0-7837-4d54-9423-c1286f5e2b7an%40googlegroups.com > . > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > You received this message because you are subscribed to the Google > Groups "Racket Users" group. > > > > > > > > > To unsubscribe from this group and stop receiving emails from it, send > an email to racket-users+unsubscr...@googlegroups.com. > > > > > > > > > To view this discussion on the web visit > https://groups.google.com/d/msgid/racket-users/CAL3TdON46%3DPR6_-iyppSMLsfEvNEveq3uGu64gQ3Lu1or7QgNw%40mail.gmail.com > . > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > You received this message because you are subscribed to the Google > Groups "Racket Users" group. > > > > > > > > > To unsubscribe from this group and stop receiving emails from it, send > an email to racket-users+unsubscr...@googlegroups.com. > > > > > > > > > To view this discussion on the web visit > https://groups.google.com/d/msgid/racket-users/CADcuegtFzzeErTTqi3m9Hyr%2Bu1m8YEo0cnAEw2onhKXGnTzHOg%40mail.gmail.com > . > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > You received this message because you are subscribed to the Google > Groups "Racket Users" group. > > > > > > > > > To unsubscribe from this group and stop receiving emails from it, send > an email to racket-users+unsubscr...@googlegroups.com. > > > > > > > > > To view this discussion on the web visit > https://groups.google.com/d/msgid/racket-users/CADcuegsBYxxQJgjSz9ohS6fiRHaOXiO_Bx%3D_JoiiAvTQMHWH6A%40mail.gmail.com > . > > > > > > > > > > > > -- > > > You received this message because you are subscribed to the Google > Groups "Racket Users" group. > > > To unsubscribe from this group and stop receiving emails from it, send > an email to racket-users+unsubscr...@googlegroups.com. > > > To view this discussion on the web visit > https://groups.google.com/d/msgid/racket-users/CAL3TdOPWAYLZFz%3DNcRm-veqLX-mpVp39B8umSmkcy0yQnLN1pQ%40mail.gmail.com > . > > > > > > > > -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/racket-users/CAL3TdOO%3DSVJwDCJ3j8n3V52zC1gKJHL4cnpFPjMtvzhROs6PTQ%40mail.gmail.com.
