Browse Source

querystring: don't stringify bad surrogate pair

Fixes: https://github.com/nodejs/node/issues/3702
PR-URL: https://github.com/nodejs/node/pull/5858
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
v4.x
Brian White 9 years ago
committed by Myles Borins
parent
commit
65fc4e36ce
  1. 7
      lib/querystring.js
  2. 5
      test/parallel/test-querystring.js

7
lib/querystring.js

@ -138,7 +138,12 @@ QueryString.escape = function(str) {
}
// Surrogate pair
++i;
c = 0x10000 + (((c & 0x3FF) << 10) | (str.charCodeAt(i) & 0x3FF));
var c2;
if (i < str.length)
c2 = str.charCodeAt(i) & 0x3FF;
else
throw new URIError('URI malformed');
c = 0x10000 + (((c & 0x3FF) << 10) | c2);
out += hexTable[0xF0 | (c >> 18)] +
hexTable[0x80 | ((c >> 12) & 0x3F)] +
hexTable[0x80 | ((c >> 6) & 0x3F)] +

5
test/parallel/test-querystring.js

@ -139,6 +139,11 @@ qsWeirdObjects.forEach(function(testCase) {
assert.equal(testCase[1], qs.stringify(testCase[0]));
});
// invalid surrogate pair throws URIError
assert.throws(function() {
qs.stringify({ foo: '\udc00' });
}, URIError);
// coerce numbers to string
assert.strictEqual('foo=0', qs.stringify({ foo: 0 }));
assert.strictEqual('foo=0', qs.stringify({ foo: -0 }));

Loading…
Cancel
Save