Comments (15)
Pushed new version 0.6.2 with this change.
from sqlite-web.
Hi @coleifer,
I think you are probably right about it being quoted making it ok, but I thank you for walking it back anyway, because I don’t know how we’d convince them otherwise.
You’re the best! You’ll make a lot of people happy.
from sqlite-web.
Thank you for this change! ❤️
The HA clowns
Not sure if that was needed, adding value, or called for.
../Frenck
PS: I wanted to compare diff between releases, however, it seems like the git tag for this release is missing.
from sqlite-web.
0.6.1...0.6.2 - here's the diff, I'd forgotten to push the tag I guess.
from sqlite-web.
I went looking to find out why Home Assistant doesn't allow newlines in URLs, and it's because they're considered unsafe according to the WhatWG URL parsing standard, apparently cpython strips them out during URL parsing too.
See: home-assistant/core#90348
from sqlite-web.
Thanks for sharing this, I've made a commit here c776cdc that allows this to work with GET or POST, and switches the form method back to POST by default. I had no idea that URL-encoded get parameters could be considered unsafe, that seems strange to me -- what middleware is catching this?
I think this is a bug in the "ha" code, as it's perfectly fine for newlines and carriage returns to be passed in the GET as long as they're quoted (as far as I can tell):
>>> from urllib.parse import *
>>> unquote('q=foo%0D%0Abar')
'q=foo\r\nbar'
>>> parse_qs('q=foo%0D%0Abar')
{'q': ['foo\r\nbar']}
As you can see, Python has no problems with newlines. It's the janky middleware in the "ha" application that is being overly-strict, in my opinion.
The HA clowns locked the discussion on home-assistant/core#90348 so I can't comment there, but I think this is a bug on their side. Passing multiline strings in the querystring should be perfectly fine provided you escape things.
from sqlite-web.
I also just wanted to say thank you! Regardless of the situation, in the end, the reason we write code is so that it can be useful. This change will allow many more of us to benefit from your efforts, and they are appreciated!
from sqlite-web.
Thanks for pushing the tag!
from sqlite-web.
Hi @coleifer,
We noticed that the query box on the main page uses GET still. It 404s with a query on the one line and trips up HA’s filtering a multiline. I haven't looked into it super deeply, but all the other query boxes I've tried work fine.
Should this be a separate GitHub issue?
from sqlite-web.
Oh shoot you're right, I missed that one - apologies.
This is fixed and a new version 0.6.3 is up on pypi now.
from sqlite-web.
Thanks @coleifer that fixed the GET/POST issue, but the 404 we're getting is because the form action is /query/
but running in HA the URL for me is: homeassistant.local/api/hassio_ingress/-Xs0IbVz5d9jlaDhzdtz3u6GKjTGzzDG_1zil4CSbPI/
. Using the chrome dev tools I changed the form action to query/
, and that fixed it.
If I'm on the query page homeassistant.local/api/hassio_ingress/-Xs0IbVz5d9jlaDhzdtz3u6GKjTGzzDG_1zil4CSbPI/query/
I notice that it uses .
as the form action.
Is that something that changed recently or does home assistant need to set an env variable for base URL or something?
from sqlite-web.
Out of curiosity, do any of the links work, e.g. clicking on a table name in the left-nav or clicking the query button in the top-right? They all use the same format and the form action is not special in any way. Nothing has changed on my end with regards to the URLs. You can use the -u
option to specify a URL prefix for the application if you wish.
from sqlite-web.
This issue with the main page query not working seems to pre-date the issue with multi-line. I was able to use single-line queries after clicking onto the page for a specific table, but never on the main page. According to my google searches this was a "known problem" with the home assistant integration even before the multi-line thing came up.
from sqlite-web.
No idea man all the urls are built the same way sounds like some nonsense in the ha integration
from sqlite-web.
Yeah only specific urls work with the HA integration:
I'm going to try and use that -u
option, I'm fairly sure it should work, which should resolve random issues like this
from sqlite-web.
Related Issues (20)
- How to specify SQLITE_WEB_PASSWORD in k8s deploy? HOT 1
- admin password is not encrypted and it's not secure HOT 3
- peewee.OperationalError: unknown tokenizer: mozporter when opening Thunderbirds global-messages.sqlite HOT 1
- Docker Image for arm 64 HOT 1
- Forgotten DockerHub image HOT 3
- Bookmark drop down in query not visible on IOS devices HOT 2
- Log file is not created and logging is printed to console HOT 1
- Are other DB's planned? HOT 1
- Enabling foreign key constraints HOT 2
- Pagination styles HOT 1
- coleifer/sqlite-web on DockerHub seems not to be up to date HOT 3
- Serve sqlite-web in a flask end point HOT 1
- Large results are slow HOT 2
- Values are truncated HOT 1
- Disable hotkeys HOT 1
- Insert Tab checks all fields HOT 2
- ARM64 build is broken HOT 2
- Response time when docker is disconnected from internet HOT 1
- sqlite3.OperationalError: Could not decode to UTF-8 column HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sqlite-web.