msgpackr 1.11.8 → 1.11.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index-no-eval.cjs +24 -5
- package/dist/index-no-eval.cjs.map +1 -1
- package/dist/index-no-eval.min.js +1 -1
- package/dist/index-no-eval.min.js.map +1 -1
- package/dist/index.js +24 -5
- package/dist/index.js.map +1 -1
- package/dist/index.min.js +1 -1
- package/dist/index.min.js.map +1 -1
- package/dist/node.cjs +24 -5
- package/dist/node.cjs.map +1 -1
- package/dist/test.js +33 -5
- package/dist/test.js.map +1 -1
- package/dist/unpack-no-eval.cjs +24 -5
- package/dist/unpack-no-eval.cjs.map +1 -1
- package/index.d.cts +2 -0
- package/index.d.ts +2 -0
- package/package.json +1 -1
- package/unpack.js +24 -5
package/dist/index-no-eval.cjs
CHANGED
|
@@ -576,26 +576,45 @@
|
|
|
576
576
|
} else if ((byte1 & 0xe0) === 0xc0) {
|
|
577
577
|
// 2 bytes
|
|
578
578
|
const byte2 = src[position$1++] & 0x3f;
|
|
579
|
-
|
|
579
|
+
const codePoint = ((byte1 & 0x1f) << 6) | byte2;
|
|
580
|
+
// Reject overlong encoding: 2-byte sequences must encode values >= 0x80
|
|
581
|
+
if (codePoint < 0x80) {
|
|
582
|
+
units.push(0xFFFD); // replacement character
|
|
583
|
+
} else {
|
|
584
|
+
units.push(codePoint);
|
|
585
|
+
}
|
|
580
586
|
} else if ((byte1 & 0xf0) === 0xe0) {
|
|
581
587
|
// 3 bytes
|
|
582
588
|
const byte2 = src[position$1++] & 0x3f;
|
|
583
589
|
const byte3 = src[position$1++] & 0x3f;
|
|
584
|
-
|
|
590
|
+
const codePoint = ((byte1 & 0x1f) << 12) | (byte2 << 6) | byte3;
|
|
591
|
+
// Reject overlong encoding: 3-byte sequences must encode values >= 0x800
|
|
592
|
+
// Also reject surrogates (0xD800-0xDFFF)
|
|
593
|
+
if (codePoint < 0x800 || (codePoint >= 0xD800 && codePoint <= 0xDFFF)) {
|
|
594
|
+
units.push(0xFFFD); // replacement character
|
|
595
|
+
} else {
|
|
596
|
+
units.push(codePoint);
|
|
597
|
+
}
|
|
585
598
|
} else if ((byte1 & 0xf8) === 0xf0) {
|
|
586
599
|
// 4 bytes
|
|
587
600
|
const byte2 = src[position$1++] & 0x3f;
|
|
588
601
|
const byte3 = src[position$1++] & 0x3f;
|
|
589
602
|
const byte4 = src[position$1++] & 0x3f;
|
|
590
603
|
let unit = ((byte1 & 0x07) << 0x12) | (byte2 << 0x0c) | (byte3 << 0x06) | byte4;
|
|
591
|
-
|
|
604
|
+
// Reject overlong encoding: 4-byte sequences must encode values >= 0x10000
|
|
605
|
+
// Also reject values > 0x10FFFF (maximum valid Unicode)
|
|
606
|
+
if (unit < 0x10000 || unit > 0x10FFFF) {
|
|
607
|
+
units.push(0xFFFD); // replacement character
|
|
608
|
+
} else if (unit > 0xffff) {
|
|
592
609
|
unit -= 0x10000;
|
|
593
610
|
units.push(((unit >>> 10) & 0x3ff) | 0xd800);
|
|
594
611
|
unit = 0xdc00 | (unit & 0x3ff);
|
|
612
|
+
units.push(unit);
|
|
613
|
+
} else {
|
|
614
|
+
units.push(unit);
|
|
595
615
|
}
|
|
596
|
-
units.push(unit);
|
|
597
616
|
} else {
|
|
598
|
-
units.push(
|
|
617
|
+
units.push(0xFFFD); // replacement character for invalid lead byte
|
|
599
618
|
}
|
|
600
619
|
|
|
601
620
|
if (units.length >= 0x1000) {
|