Skip to content

Commit

Permalink
querystring: don't stringify bad surrogate pair
Browse files Browse the repository at this point in the history 
Fixes: #3702
PR-URL: #5858
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
  • Loading branch information
@mscdex
mscdex authored and Myles Borins committed Apr 11, 2016
1 parent aed22d0 commit 65fc4e3
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 1 deletion.
7 changes: 6 additions & 1 deletion lib/querystring.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,12 @@ QueryString.escape = function(str) {
}
// Surrogate pair
++i;
c = 0x10000 + (((c & 0x3FF) << 10) | (str.charCodeAt(i) & 0x3FF));
var c2;
if (i < str.length)
c2 = str.charCodeAt(i) & 0x3FF;
else
throw new URIError('URI malformed');
c = 0x10000 + (((c & 0x3FF) << 10) | c2);
out += hexTable[0xF0 | (c >> 18)] +
hexTable[0x80 | ((c >> 12) & 0x3F)] +
hexTable[0x80 | ((c >> 6) & 0x3F)] +
Expand Down
5 changes: 5 additions & 0 deletions test/parallel/test-querystring.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,11 @@ qsWeirdObjects.forEach(function(testCase) {
assert.equal(testCase[1], qs.stringify(testCase[0]));
});

// invalid surrogate pair throws URIError
assert.throws(function() {
qs.stringify({ foo: '\udc00' });
}, URIError);

// coerce numbers to string
assert.strictEqual('foo=0', qs.stringify({ foo: 0 }));
assert.strictEqual('foo=0', qs.stringify({ foo: -0 }));
Expand Down

0 comments on commit 65fc4e3

Please sign in to comment.