Because the filter verification attempts to CSV parse the value (even if it is not a legal CSV string) it crashes upon being supplied a double quote.
The problem has been added as an integration test case in a PR https://github.com/cerebris/jsonapi-resources/pull/629/files
... which can be run using...
bundle exec rake test TEST=test/integration/requests/request_test.rb TESTOPTS="--name=test_filter_with_value_containing_double_quote -v"
A potential solution has also been supplied in that PR - rescuing the resulting "Malformed CSV" error. Rescuing is less desirable than checking for the validity of the CSV string upfront but AFAIK the latter is not possible. If the added code fails to parse the CSV then it simply treats it as a scalar value.
One thing this workaround does not handle is presence of multiple comma delimited double quotes in the filter value, eg.
I don't have a full understanding of the requirements for comma delimited arguments supplied to jsonapi-resources in a filter - do they need to be valid CSV or is this just how jsonapi-resources implements a comma delimited filter value? I may have completely misunderstood the rules on jsonapi filter values.
Also the added test case only asserts that the server does not blow up when supplied a double quote as an argument. A better test case to actually retrieve a resource with a double quote in the filtered attribute would be required if this approach is in the right direction.
Because the filter verification attempts to CSV parse the value (even if it is not a legal CSV string) it crashes upon being supplied a double quote.
The problem has been added as an integration test case in a PR https://github.com/cerebris/jsonapi-resources/pull/629/files
... which can be run using...
A potential solution has also been supplied in that PR - rescuing the resulting "Malformed CSV" error. Rescuing is less desirable than checking for the validity of the CSV string upfront but AFAIK the latter is not possible. If the added code fails to parse the CSV then it simply treats it as a scalar value.
One thing this workaround does not handle is presence of multiple comma delimited double quotes in the filter value, eg.
I don't have a full understanding of the requirements for comma delimited arguments supplied to jsonapi-resources in a filter - do they need to be valid CSV or is this just how jsonapi-resources implements a comma delimited filter value? I may have completely misunderstood the rules on jsonapi filter values.
Also the added test case only asserts that the server does not blow up when supplied a double quote as an argument. A better test case to actually retrieve a resource with a double quote in the filtered attribute would be required if this approach is in the right direction.