Describe the bug
The only thing enforcing a package name character length limit is maxlength=10 on the html input element. This can be easily bypassed.
Expected Behavior
The handler should check and reject packages with names that exceed the limit.
Current Behavior
The limit can be bypassed, see bandsintown
Reproduction Steps
submit a custom payload
Possible Solution
Enforce limits in the handler, not at the html level.
Additional Information/Context
I think the limit of 10 characters is too short.
In the package I submitted, the brand name is 11 characters long. I can't just truncate the name to bandsintow and I can't just use a different name because people are going to look for the brand name, not something else.
Raise the limit to something more reasonable.
V version
V 0.4.12 3caa1b7
Environment details (OS name and version, etc.)
|V full version |V 0.4.12 e3b915dac183902833f2358a6fb76c46d07a52c3.3caa1b7
|:-------------------|:-------------------
|OS |linux, "openmamba release 2025.11.4 for x86_64 (rolling)"
|Processor |8 cpus, 64bit, little endian, Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
|Memory |18.33GB/31.16GB
| |
|V executable |/home/einar/.local/lib64/v/v
|V last modified time|2025-12-01 08:44:50
| |
|V home dir |OK, value: /home/einar/.local/lib64/v
|VMODULES |OK, value: /home/einar/.vmodules
|VTMP |OK, value: /tmp/v_1000
|Current working dir |OK, value: /home/einar/Documents/projects/vlang/active/peony_starter
| |
|Git version |git version 2.52.0
|V git status |weekly.2025.38-392-g3caa1b72
|.git/config present |true
| |
|cc version |cc (GCC) 15.2.1 20251019
|gcc version |gcc (GCC) 15.2.1 20251019
|clang version |N/A
|tcc version |tcc version 0.9.28rc 2025-02-13 HEAD@f8bd136d (x86_64 Linux)
|tcc git status |thirdparty-linux-amd64 696c1d84
|emcc version |N/A
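
A sketch of the handler-side check the report asks for, added here as an illustration and not taken from the vpm code base. The form field name `name`, the function names and the status codes are assumptions; the limit of 10 is the one the form advertises via `maxlength=10`.

```python
from urllib.parse import parse_qs

# Limit taken from the report (maxlength=10 on the input element).
MAX_NAME_LEN = 10


def validate_package_name(name, max_len=MAX_NAME_LEN):
    """Return an error string, or None when the name is acceptable."""
    name = name.strip()
    if not name:
        return "package name is required"
    # len() on str counts code points, so a multi-byte name is measured
    # in characters, the same unit the browser uses for maxlength.
    if len(name) > max_len:
        return f"package name exceeds {max_len} characters"
    return None


def handle_create_package(raw_body: bytes):
    """Hypothetical handler: raw POST body in, (status, message) out.

    Nothing here relies on the HTML form; the body is treated as
    untrusted input no matter which client produced it.
    """
    try:
        fields = parse_qs(raw_body.decode("utf-8"),
                          keep_blank_values=True, strict_parsing=True)
    except (UnicodeDecodeError, ValueError):
        return 400, "malformed form body"
    names = fields.get("name", [])
    # Reject a missing or repeated field instead of guessing which one counts.
    if len(names) != 1:
        return 400, "exactly one 'name' field is required"
    err = validate_package_name(names[0])
    if err:
        return 422, err
    return 201, f"created {names[0].strip()}"


if __name__ == "__main__":
    # Constructed request bodies: one within the limit, one over it.
    for body in (b"name=bandsintow", b"name=bandsintown"):
        print(body, "->", handle_create_package(body))
```

Raising the limit, as the report suggests, would then be a change to `MAX_NAME_LEN` that the form's `maxlength` attribute merely mirrors.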