Skip to content

Commit

Permalink
fix: decodeURI <- decodeURIComponent (#149)
Browse files Browse the repository at this point in the history
* fix: correctly decode path

* chore: add tests

---------

Co-authored-by: Luke Edwards <luke.edwards05@gmail.com>
  • Loading branch information
benmccann and lukeed authored Apr 24, 2023
1 parent 52f5dcf commit dfc4281
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 3 deletions.
2 changes: 1 addition & 1 deletion packages/sirv/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,7 @@ export default function (dir, opts={}) {
extns.push(...extensions); // [...br, ...gz, orig, ...exts]

if (pathname.indexOf('%') !== -1) {
try { pathname = decodeURIComponent(pathname) }
try { pathname = decodeURI(pathname) }
catch (err) { /* malform uri */ }
}

Expand Down
32 changes: 30 additions & 2 deletions tests/sirv.js
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ encode('should work when the request path contains encoded characters :: prod',
}
});

encode(`should work when the request path contains space encoded :: dev`, async () => {
encode('should work when the request path contains space encoded :: dev', async () => {
let server = utils.http({ dev: true });

try {
Expand All @@ -136,7 +136,7 @@ encode(`should work when the request path contains space encoded :: dev`, async
}
});

encode(`should work when the request path contains space encoded :: prod`, async () => {
encode('should work when the request path contains space encoded :: prod', async () => {
let server = utils.http({ dev: false });

try {
Expand All @@ -149,6 +149,34 @@ encode(`should work when the request path contains space encoded :: prod`, async
}
});

encode('should not treat "/foo%2Fbar.txt" the same as "/foo.bar.txt" path :: dev', async () => {
let server = utils.http({ dev: true });

try {
let res1 = await server.send('GET', '/about/index.htm');
assert.is(res1.statusCode, 200);

let res2 = await server.send('GET', '/about%2Findex.htm').catch(r => r);
assert.is(res2.statusCode, 404);
} finally {
server.close();
}
});

encode('should not treat "/foo%2Fbar.txt" the same as "/foo.bar.txt" path :: prod', async () => {
let server = utils.http({ dev: false });

try {
let res1 = await server.send('GET', '/about/index.htm');
assert.is(res1.statusCode, 200);

let res2 = await server.send('GET', '/about%2Findex.htm').catch(r => r);
assert.is(res2.statusCode, 404);
} finally {
server.close();
}
});

encode.run();

// ---
Expand Down

0 comments on commit dfc4281

Please sign in to comment.