Move control character checking to FU::Validate, deprecate FU::Util::utf8_decode()

URI, JSON and formdata decoding no longer checks for control characters, but FU::Validate now rejects control characters by default. This decouples semantic validation from format parsing and gives better control over when control characters are allowed.
2025-08-22 09:51:56 +02:00 · 2025-08-22 09:51:56 +02:00 · a8ac435f85
commit a8ac435f85
parent 2e9a40da69
8 changed files with 39 additions and 49 deletions
--- a/t/json_parse.t
+++ b/t/json_parse.t
@ -24,11 +24,6 @@ my @error = (
    '"\udc12\u1234"',
    "\"\x{110000}\"",

-    '"\u0000"',
-    '"\b"',
-    '"\f"',
-    '"\u007f"',
-
    '1.',
    '01',
    '1e',
@ -87,6 +82,7 @@ sub str($in, $exp) {
 }
 str '""', '';
 str '"hello, world"', 'hello, world';
+str '"\u0000\b"', "\x00\b";
 str '"\u0099\u0234\u1234"', "\x{99}\x{234}\x{1234}";
 str "\"\x{99}\x{234}\x{1234}\x{12345}\"", "\x{99}\x{234}\x{1234}\x{12345}";
 str '"\/\"\\\\\t\n\r"', "/\"\\\x{09}\x{0a}\x{0d}";
--- a/t/query.t
+++ b/t/query.t
@ -7,9 +7,6 @@ is_deeply
    query_decode('a&a&%c3%be=%26%3d%c3%be&a=3'),
    { a => [ builtin::true, builtin::true, 3 ], "\xfe" => "&=\xfe" };

-ok !eval { query_decode('%10'); 1 };
-like $@, qr/Invalid control character/;
-
 ok !eval { query_decode('a=%fe%83%bf%bf%bf%bf%bf%0a'); 1 };
 like $@, qr/does not map to Unicode/;

--- a/t/validate.t
+++ b/t/validate.t
@ -79,6 +79,10 @@ t { trim => 0 }, " Va\rl id \n ", " Va\rl id \n ";
 f {}, '  ', { validation => 'required' }, 'required value missing';
 t { trim => 0 }, '  ', '  ';

+# allow_control
+f {}, "\b", { validation => 'allow_control' }, 'invalid control character';
+t { allow_control => 1 }, "\b", "\b";
+
 # accept_array
 t { default => undef, accept_array => 'first' }, [], undef;
 t { default => undef, accept_array => 'first' }, [' x '], 'x';