http://coldfusion.com logo
Join Slack
Powered by
Had a crash in one of my apps a few days ago that'...
# cfml-general
d
Had a crash in one of my apps a few days ago that's odd to me. Submitted text was too long to fit in the db column, which of course we should have validated server side, but the weird thing is that there's definitely a size="60" spec on the field in the UI, and I can't put more text than that in there, but the user did. User's browser appears to have been safari. Anybody run into that?
b
Maybe because of hidden characters. For example a copy/paste thing. Your maxlength attribute probably won't catch that. Best to validate before it hits your DB..
b
size="60" only sets the physical dimension on the input field. Use maxlength="60" to limit the number of characters that can be entered - even by copy&paste.
d
I misspoke, sorry. While it does have a size spec, the relevant one here is maxlength="100", which it also has. The submitted value recorded in our error logs is length 103, with only a-z0-9, space, and comma, straight-up language a clinician would use, nothing weird or hacky or foreign. It seems that the browser just allowed that.
b
hmm... Might be some special double byte characters that the browser counts as 1 but arrive as two at the database? Just thinking out loud with that... I know we've had to spend a bit of time recently handling emojis. Not sure if that could be a factor though.
My know-it-all AI bot suggests the same... "Character Encoding Differences: The maxlength attribute counts UTF-16 code units, while server-side processing might count bytes or Unicode code points. For example, emojis or certain special characters (like accented letters) may use multiple code units or bytes"
d
I don't see anything weird, but the log of the form scope is actually a cfdump, so it might not be a completely accurate representation of the real data. FWIW, user agent is recorded as this: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3.1 Safari/605.1.15
(For perspective on this next bit, this is a big complex app written over many years by many people, mostly me for the last 5.) Apparently the line of code that would have validated the length of that field was there, but was commented out in 2013, by the very very smart person who wrote a great deal of this app. If I put it back, remove maxlenth in the form with browser dev tools, and put in text that's too long, the validation error gets triggered as expected. It's possible that hidden or multibyte characters might have slipped through anyway, hard to say without more testing I don't have time for. There's no indication as to why that validation was removed, grrr. This is a particularly knotty section of code, so I'm a bit shy about putting it back for real. I can hear all the "just rerun your test cases" righteous hollers back there, but alas, there's no such animal, and building them is prohibitive, especially for this bit. And yes I know that makes them an especially good idea to have, but I cannae do it sir.
b
left(messageText,100) might be what you are looking for at the point you are adding it to the database ?
d
We don't generally just truncate user data if it's too long, we tell them to fix it 🙂
z
was the text unicode?
d
Unicode question has been raised, and no not that I can tell, submitted value recorded in our error log appears to be straight-up text, no weird characters.
a
Is your varchar column using utf8mb4 ? You'll need that to store emojis.
d
No evidence emojis are involved. Also, this is a clinical system, emojis are unlikely.
j
Could it be an automated submission, or an older browser that doesn’t honor the 
maxlength
attribute? Also, if you don’t have 
type="text"
on the field, that could also cause Chrome and Safari to not respect it.
Ah. Looks like the Safari version is 18.3.1 so it’s not an older version if it’s a human submission
d
Nothing points to an automate submit. Logged in as a real user, pattern of activity looks legit, data looks like a real clinical entry, it's just a few chars too long.
5 Views
Open in Slack
PreviousNext
Powered by