> The second problem is that implementations may use different ways of encoding arrays. The two most common ones that I know of are:
> 2. A single pair where the key name ends with [] and the value is a comma-separated list, i.e. numbers[]=1,2
wait, is this really a thing? I know some libraries/languages (notably PHP) use [] in field name to indicate this should be parsed into array, but this is purely application-specific convention and has no special meaning on browser/http level, the on-the-wire protocol always lists same name multiple times. Is the author simply wrong here?
(also, I don't understand the author's problem with multipart/form-data lack-of-escaping. The whole idea of sender defining boundary separator is it can ensure it won't appear in data, either by making it long enough that this is statistically impossible, or by choosing a short one that is guaranteed not to appear in the file)
> The second problem is that implementations may use different ways of encoding arrays. The two most common ones that I know of are:
> 2. A single pair where the key name ends with [] and the value is a comma-separated list, i.e. numbers[]=1,2
wait, is this really a thing? I know some libraries/languages (notably PHP) use [] in field name to indicate this should be parsed into array, but this is purely application-specific convention and has no special meaning on browser/http level, the on-the-wire protocol always lists same name multiple times. Is the author simply wrong here?
(also, I don't understand the author's problem with multipart/form-data lack-of-escaping. The whole idea of sender defining boundary separator is it can ensure it won't appear in data, either by making it long enough that this is statistically impossible, or by choosing a short one that is guaranteed not to appear in the file)