what's with the snowman?

what's with the snowman in forms?

<div style="margin:0;padding:0;display:inline">   <input name="_snowman" type="hidden" value=":snowman_with_snow:">   <input name="authenticity_token" type="hidden" value="DOw4is1mrktdfQqm6HMUSmeSDTC73BGqt1z0OwDwsbU="> </div>

mirek rusin

Mirek Rusin wrote:

what's with the snowman in forms?

<div style="margin:0;padding:0;display:inline">   <input name="_snowman" type="hidden" value=":snowman_with_snow:">   <input name="authenticity_token" type="hidden" value="DOw4is1mrktdfQqm6HMUSmeSDTC73BGqt1z0OwDwsbU="> </div>

mirek rusin

http://railssnowman.info/

what's with the snowman in forms?

<div style="margin:0;padding:0;display:inline"> <input name="_snowman" type="hidden" value=":snowman_with_snow:"> <input name="authenticity_token" type="hidden" value="DOw4is1mrktdfQqm6HMUSmeSDTC73BGqt1z0OwDwsbU="> </div>

mirek rusin

http://railssnowman.info/

Interesting. Maybe the wrong place to ask this, but...

Why doesn't Rails strip _snowman out of params automagically so I don't have to worry about it?

Why not change authenticity_token to contain UTF8 characters?

I'm mostly just curious...

-philip

Why not change authenticity_token to contain UTF8 characters?

That's a freakin GREAT idea. Or at least don't include the snowman when doing a GET request from a form... It just looks wrong somehow...

Philip Hallstrom wrote:

http://railssnowman.info/

Interesting. Maybe the wrong place to ask this, but...

Why doesn't Rails strip _snowman out of params automagically so I don't have to worry about it?

Well you could most likely include your own Rack middleware to "melt the _snowman" from your params hash. No need to wait (and hope) for the Rails team to do it for you.

Why not change authenticity_token to contain UTF8 characters?

I would assume that authenticity_token is some form of SHA-1 hash encoded in Base64, which by definition produces 7-bit ASCII character strings.

Philip Hallstrom wrote:

http://railssnowman.info/

Interesting. Maybe the wrong place to ask this, but...

Why doesn't Rails strip _snowman out of params automagically so I don't have to worry about it?

As of tonight the snowman is gone entirely. The key is "utf8" and the value is ✓ (&#x2713;). Far more on the sane side.

Parker Selbert wrote:

Philip Hallstrom wrote:

http://railssnowman.info/

Interesting. Maybe the wrong place to ask this, but...

Why doesn't Rails strip _snowman out of params automagically so I don't have to worry about it?

As of tonight the snowman is gone entirely. The key is "utf8" and the value is ✓ (&#x2713;). Far more on the sane side.

Probably saner, but the snowman was cute! I'll miss it.

Best,

Why not change authenticity_token to contain UTF8 characters?

I would assume that authenticity_token is some form of SHA-1 hash encoded in Base64, which by definition produces 7-bit ASCII character strings.

Oh, duh. That makes sense. Still, they could just strip it off the end... but that might be overloading behavior into something that's "been around" for a long time.

-philip.