Skip to content

Commit

Permalink
Avoid unescaping %uXXXX in iso-8859-1 mode
Browse files Browse the repository at this point in the history
  • Loading branch information
papandreou authored and ljharb committed Jul 25, 2018
1 parent ce06fcc commit 96b8f4f
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
3 changes: 2 additions & 1 deletion lib/utils.js
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,8 @@ var assign = function assignSingleSource(target, source) {
var decode = function (str, decoder, charset) {
var strWithoutPlus = str.replace(/\+/g, ' ');
if (charset === 'iso-8859-1') {
return unescape(strWithoutPlus); // Cannot throw
// unescape never throws, no try...catch needed:
return strWithoutPlus.replace(/%[0-9a-f]{2}/gi, unescape);
}
// utf-8
try {
Expand Down
5 changes: 5 additions & 0 deletions test/parse.js
Original file line number Diff line number Diff line change
Expand Up @@ -627,5 +627,10 @@ test('parse()', function (t) {
st.end();
});

t.test('does not interpret %uXXXX syntax in iso-8859-1 mode', function (st) {
st.deepEqual(qs.parse('%u263A=%u263A', { charset: 'iso-8859-1' }), { '%u263A': '%u263A' });
st.end();
});

t.end();
});

0 comments on commit 96b8f4f

Please sign in to comment.