what's with the snowman?

what's with the snowman in forms?

<div style="margin:0;padding:0;display:inline">
  <input name="_snowman" type="hidden" value=":snowman_with_snow:">
  <input name="authenticity_token" type="hidden"
value="DOw4is1mrktdfQqm6HMUSmeSDTC73BGqt1z0OwDwsbU=">
</div>

mirek rusin

Mirek Rusin wrote:

what's with the snowman in forms?

<div style="margin:0;padding:0;display:inline">
  <input name="_snowman" type="hidden" value=":snowman_with_snow:">
  <input name="authenticity_token" type="hidden"
value="DOw4is1mrktdfQqm6HMUSmeSDTC73BGqt1z0OwDwsbU=">
</div>

mirek rusin

http://railssnowman.info/

what's with the snowman in forms?

<div style="margin:0;padding:0;display:inline">
<input name="_snowman" type="hidden" value=":snowman_with_snow:">
<input name="authenticity_token" type="hidden"
value="DOw4is1mrktdfQqm6HMUSmeSDTC73BGqt1z0OwDwsbU=">
</div>

mirek rusin

http://railssnowman.info/

Interesting. Maybe the wrong place to ask this, but...

Why doesn't Rails strip _snowman out of params automagically so I don't have to worry about it?

Why not change authenticity_token to contain UTF8 characters?

I'm mostly just curious...

-philip

Why not change authenticity_token to contain UTF8 characters?

That's a freakin GREAT idea. Or at least don't include the snowman
when doing a GET request from a form... It just looks wrong
somehow...

Philip Hallstrom wrote:

http://railssnowman.info/

Interesting. Maybe the wrong place to ask this, but...

Why doesn't Rails strip _snowman out of params automagically so I don't
have to worry about it?

Well you could most likely include your own Rack middleware to "melt the
_snowman" from your params hash. No need to wait (and hope) for the
Rails team to do it for you.

Why not change authenticity_token to contain UTF8 characters?

I would assume that authenticity_token is some form of SHA-1 hash
encoded in Base64, which by definition produces 7-bit ASCII character
strings.

Philip Hallstrom wrote:

http://railssnowman.info/

Interesting. Maybe the wrong place to ask this, but...

Why doesn't Rails strip _snowman out of params automagically so I don't
have to worry about it?

As of tonight the snowman is gone entirely. The key is "utf8" and the
value is ✓ (&#x2713;). Far more on the sane side.

Parker Selbert wrote:

Philip Hallstrom wrote:

http://railssnowman.info/

Interesting. Maybe the wrong place to ask this, but...

Why doesn't Rails strip _snowman out of params automagically so I don't
have to worry about it?

As of tonight the snowman is gone entirely. The key is "utf8" and the
value is ✓ (&#x2713;). Far more on the sane side.

Probably saner, but the snowman was cute! I'll miss it.

Best,

Why not change authenticity_token to contain UTF8 characters?

I would assume that authenticity_token is some form of SHA-1 hash
encoded in Base64, which by definition produces 7-bit ASCII character
strings.

Oh, duh. That makes sense. Still, they could just strip it off the end... but that might be overloading behavior into something that's "been around" for a long time.

-philip.