1

I have a search box.

I search for: <- blank spaces in my search box.

My form validation catches this.

url posts blanks

The URL shows: ++++++++++++++++

If I search for: <script>alert(1);</script>

another search

The URL shows: <script>alert%281%29%3B<%2Fscript>

The Question

Where in Django can I alter / change / modify the request that determines the request URL? I'm thinking middleware but I haven't found an example. Would I have to create an entirely new HttpRequest from scratch?

Why do I want to?

I want to encode the URL differently. For example, strip all punctuation from the q= value, replace whitespace, strip, replace single spaces with + to have cleaner URLs.

Really looking for a clear example with CODE.

Jarad
  • 17,409
  • 19
  • 95
  • 154
  • 1
    This is how you send form data in a HTTP get request with content-type: application/x-www-form-urlencoded. It's defined in the HTTP standard. It's not something django specific. The url is created in the browser according to the http standard. – Håken Lid Feb 17 '21 at 19:50
  • 1
    If you don't like the standard behaviour (which is the same as used in stackoverflow search, google search etc.) I think the simplest option is to use javascript and change the form's onsubmit handler. You can replace unwanted characters before submitting the query. https://stackoverflow.com/questions/6912197/change-value-of-input-and-submit-form-in-javascript – Håken Lid Feb 17 '21 at 20:04
  • onsubmit visibly changes the input's value right before submitting - a behavior I do not want. – Jarad Feb 17 '21 at 20:59
  • That can be avoided. For example you can create a clone of the form with cloneNode, change the query value there and submit the clone form. If you need help with that, you can ask a new question using the javascript tag. There might be simpler solutions too. You could probably just change `window.location.search` to the query you want. That should be equivalent to submitting the form. – Håken Lid Feb 17 '21 at 21:29

0 Answers0