@orioro/util 0.11.2 → 0.12.0
- package/CHANGELOG.md +6 -0
- package/dist/index.js +18 -3
- package/dist/index.mjs +18 -3
- package/dist/strExpr/syntheticJson.d.ts +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
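--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -950,11 +950,26 @@ function maybeReturnPromise(result, parseResult) {
 return isPromise(result) ? result.then(parseResult) : parseResult(result);
 }
 
-function syntheticJson(str) {
+function syntheticJson(str, maxLength) {
+if (maxLength === void 0) {
+maxLength = 10000;
+}
+// Step 0: Reject overly long input early to prevent
+// any possible vulnerability with ReDoS
+if (str.length > maxLength) {
+throw new Error('Input too large');
+}
 // Step 1: Replace single quotes with double quotes
 var normalized = str.replace(/'/g, '"');
-// Step 2: Add quotes around unquoted keys
-
+// Step 2: Add quotes around unquoted keys with limited whitespace,
+// only if followed by
+// - double-quoted string (")
+// - positive or negative number (-?\d)
+// - start of object ({)
+// - start of array ([)
+// - null
+// - true or false
+normalized = normalized.replace(/([a-zA-Z0-9_]+)\s{0,5}:\s{0,5}(?=("|-?\d|\{|\[|null|true|false))/g, '"$1":');
 // Step 3: Parse as JSON
 try {
 return JSON.parse(normalized);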
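Review bot: The new Step 0 guard `if (str.length > maxLength)` fails open when `maxLength` is not a usable number: with `NaN` or a non-numeric string the comparison is false, so the cap that the comment relies on to bound the Step 2 regex is silently switched off. Writing it as `if (!(str.length <= maxLength)) throw new Error('Input too large');` fails closed for those values. A preceding `if (typeof str !== 'string') throw new TypeError('Input must be a string');` would also stop an array or object with a small `length` from passing the size check and only failing later at `.replace`. The same code is added in package/dist/index.mjs, and the function body (the `try` block and whatever follows) continues outside the hunk.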
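--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -948,11 +948,26 @@ function maybeReturnPromise(result, parseResult) {
 return isPromise(result) ? result.then(parseResult) : parseResult(result);
 }
 
-function syntheticJson(str) {
+function syntheticJson(str, maxLength) {
+if (maxLength === void 0) {
+maxLength = 10000;
+}
+// Step 0: Reject overly long input early to prevent
+// any possible vulnerability with ReDoS
+if (str.length > maxLength) {
+throw new Error('Input too large');
+}
 // Step 1: Replace single quotes with double quotes
 var normalized = str.replace(/'/g, '"');
-// Step 2: Add quotes around unquoted keys
-
+// Step 2: Add quotes around unquoted keys with limited whitespace,
+// only if followed by
+// - double-quoted string (")
+// - positive or negative number (-?\d)
+// - start of object ({)
+// - start of array ([)
+// - null
+// - true or false
+normalized = normalized.replace(/([a-zA-Z0-9_]+)\s{0,5}:\s{0,5}(?=("|-?\d|\{|\[|null|true|false))/g, '"$1":');
 // Step 3: Parse as JSON
 try {
 return JSON.parse(normalized);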
|
@@ -1 +1 @@
|
|
|
1
|
-
export declare function syntheticJson(str: string): unknown;
|
|
1
|
+
export declare function syntheticJson(str: string, maxLength?: number): unknown;
|