Browse Source

querystring: don't inherit from Object.prototype

This commit safely allows querystring keys that are named the same as
properties that are ordinarily inherited from Object.prototype such
as __proto__. Additionally, this commit provides a bit of a speed
improvement (~25% in the querystring-parse 'manypairs' benchmark)
when there are many unique keys.

Fixes: https://github.com/nodejs/node/issues/5642
PR-URL: https://github.com/nodejs/node/pull/6055
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
process-exit-stdio-flushing
Brian White 9 years ago
parent
commit
dba245f796
No known key found for this signature in database GPG Key ID: 606D7358F94DA209
  1. 8
      lib/querystring.js
  2. 6
      test/parallel/test-querystring.js

8
lib/querystring.js

@ -5,6 +5,12 @@
const QueryString = exports;
const Buffer = require('buffer').Buffer;
// This constructor is used to store parsed query string values. Instantiating
// this is faster than explicitly calling `Object.create(null)` to get a
// "clean" empty object (tested with v8 v4.9).
function ParsedQueryString() {}
ParsedQueryString.prototype = Object.create(null);
// a safe fast alternative to decodeURIComponent
QueryString.unescapeBuffer = function(s, decodeSpaces) {
@ -216,7 +222,7 @@ QueryString.parse = QueryString.decode = function(qs, sep, eq, options) {
sep = sep || '&';
eq = eq || '=';
const obj = {};
const obj = new ParsedQueryString();
if (typeof qs !== 'string' || qs.length === 0) {
return obj;

6
test/parallel/test-querystring.js

@ -9,6 +9,12 @@ var qs = require('querystring');
// {{{
// [ wonkyQS, canonicalQS, obj ]
var qsTestCases = [
['__proto__=1',
'__proto__=1',
JSON.parse('{"__proto__":"1"}')],
['__defineGetter__=asdf',
'__defineGetter__=asdf',
JSON.parse('{"__defineGetter__":"asdf"}')],
['foo=918854443121279438895193',
'foo=918854443121279438895193',
{'foo': '918854443121279438895193'}],

Loading…
Cancel
Save