Escape quoted parameter names the way parse understands#447
Closed
naveentehrpariya wants to merge 1 commit into
Closed
Escape quoted parameter names the way parse understands#447naveentehrpariya wants to merge 1 commit into
naveentehrpariya wants to merge 1 commit into
Conversation
stringifyName used JSON.stringify to quote non-identifier parameter names, but parse only recognizes a backslash as escaping the next literal character. The schemes agree for \" and \\, and diverge for every character JSON escapes into a sequence: a name containing a tab stringified to ':"a\tb"', which parse read back as the name 'atb', silently corrupting the token round-trip. Quote names by escaping only '"' and '\', emitting all other characters directly, which parse reads back unchanged. Adds stringify cases for a control character and quote/backslash in names, and a round-trip assertion that parse(stringify(data)) reproduces the original tokens for every stringify case.
|
Isn't this a duplicate of #445? |
Member
|
Thanks @krzysdz. I'm going to close this in favor of the first PR. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
stringifyNameusesJSON.stringifyto quote non-identifier parameter names, butparseonly recognizes a backslash as escaping the next literal character. The two schemes agree for\"and\\— and diverge for every character JSON escapes into a sequence (\t,\n,\uXXXX, …), silently corrupting the round-trip:This changes which parameter a compiled/matched route produces, with no error anywhere.
The fix quotes names by escaping only
"and\and emitting all other characters directly, whichparsereads back unchanged.Also adds stringify cases for a control character and quote/backslash in names, plus a round-trip assertion that
parse(stringify(data))reproduces the original tokens for every stringify case — that assertion fails onmasterfor the new cases and passes here.