limit request size, closes #107

isso/utils/__init__.py

@@ -8,9 +8,11 @@ werkzeug = pkg_resources.get_distribution("werkzeug")
 import json
 import hashlib
 
-from werkzeug.wrappers import Request, Response
+from werkzeug.wrappers import Response
 from werkzeug.exceptions import BadRequest
 
+from isso.wsgi import Request
+
 try:
     import ipaddress
 except ImportError:

isso/views/comments.py

@@ -142,6 +142,9 @@ class API(object):
         if len(comment["text"].rstrip()) < 3:
             return False, "text is too short (minimum length: 3)"
 
+        if len(comment["text"]) > 65535:
+            return False, "text is too long (maximum length: 65535)"
+
         if len(comment.get("email") or "") > 254:
             return False, "http://tools.ietf.org/html/rfc5321#section-4.5.3"
 

isso/wsgi.py

@@ -17,6 +17,7 @@ except ImportError:
     from BaseHTTPServer import HTTPServer
 
 from werkzeug.serving import WSGIRequestHandler
+from werkzeug.wrappers import Request as _Request
 from werkzeug.datastructures import Headers
 
 from isso.compat import string_types
@@ -148,6 +149,14 @@ class CORSMiddleware(object):
         return self.app(environ, add_cors_headers)
 
 
+class Request(_Request):
+
+    # Assuming UTF-8, comments with 65536 characters would consume
+    # 128 kb memory. The remaining 128 kb cover additional parameters
+    # and WSGI headers.
+    max_content_length = 256 * 1024
+
+
 class SocketWSGIRequestHandler(WSGIRequestHandler):
 
     def run_wsgi(self):