In http.dart we have few function that dumps output from the package repository server to terminal:
|
void handleJsonSuccess(http.Response response) { |
|
var parsed = parseJsonResponse(response); |
|
if (parsed['success'] is! Map || |
|
!parsed['success'].containsKey('message') || |
|
parsed['success']['message'] is! String) { |
|
invalidServerResponse(response); |
|
} |
|
log.message(log.green(parsed['success']['message'])); |
|
} |
|
|
|
/// Handles an unsuccessful JSON-formatted response from pub.dartlang.org. |
|
/// |
|
/// These responses are expected to be of the form `{"error": {"message": "some |
|
/// message"}}`. If the format is correct, the message will be raised as an |
|
/// error; otherwise an [invalidServerResponse] error will be raised. |
|
void handleJsonError(http.Response response) { |
|
var errorMap = parseJsonResponse(response); |
|
if (errorMap['error'] is! Map || |
|
!errorMap['error'].containsKey('message') || |
|
errorMap['error']['message'] is! String) { |
|
invalidServerResponse(response); |
|
} |
|
fail(log.red(errorMap['error']['message'])); |
|
} |
|
|
|
/// Parses a response body, assuming it's JSON-formatted. |
|
/// |
|
/// Throws a user-friendly error if the response body is invalid JSON, or if |
|
/// it's not a map. |
|
Map parseJsonResponse(http.Response response) { |
|
Object value; |
|
try { |
|
value = jsonDecode(response.body); |
|
} on FormatException { |
|
invalidServerResponse(response); |
|
} |
|
if (value is! Map) invalidServerResponse(response); |
|
return value; |
|
} |
|
|
|
/// Throws an error describing an invalid response from the server. |
|
void invalidServerResponse(http.Response response) => |
|
fail(log.red('Invalid server response:\n${response.body}')); |
It would probably be wise to apply some sanitizing to this output, similar to what @themisir did for message="..." in www-authenticate.
IMO, we should break message sanitizing logic into a utility function and use when printing output from a server.
In particular I think it's unreasonable to allow servers to print ANSI escape codes, and such... maybe a few newlines, but not too many. And not too long messages.
I haven't check if there is anything weird you can do here, I'm just imagining there could be...
In
http.dartwe have few function that dumps output from the package repository server to terminal:pub/lib/src/http.dart
Lines 304 to 346 in 570cb28
It would probably be wise to apply some sanitizing to this output, similar to what @themisir did for
message="..."inwww-authenticate.IMO, we should break message sanitizing logic into a utility function and use when printing output from a server.
In particular I think it's unreasonable to allow servers to print ANSI escape codes, and such... maybe a few newlines, but not too many. And not too long messages.
I haven't check if there is anything weird you can do here, I'm just imagining there could be...