msgpackr 1.11.8 → 1.11.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index-no-eval.cjs +24 -5
- package/dist/index-no-eval.cjs.map +1 -1
- package/dist/index-no-eval.min.js +1 -1
- package/dist/index-no-eval.min.js.map +1 -1
- package/dist/index.js +24 -5
- package/dist/index.js.map +1 -1
- package/dist/index.min.js +1 -1
- package/dist/index.min.js.map +1 -1
- package/dist/node.cjs +24 -5
- package/dist/node.cjs.map +1 -1
- package/dist/test.js +33 -5
- package/dist/test.js.map +1 -1
- package/dist/unpack-no-eval.cjs +24 -5
- package/dist/unpack-no-eval.cjs.map +1 -1
- package/index.d.cts +2 -0
- package/index.d.ts +2 -0
- package/package.json +1 -1
- package/unpack.js +24 -5
package/dist/index.js
CHANGED
|
@@ -575,26 +575,45 @@
|
|
|
575
575
|
} else if ((byte1 & 0xe0) === 0xc0) {
|
|
576
576
|
// 2 bytes
|
|
577
577
|
const byte2 = src[position$1++] & 0x3f;
|
|
578
|
-
|
|
578
|
+
const codePoint = ((byte1 & 0x1f) << 6) | byte2;
|
|
579
|
+
// Reject overlong encoding: 2-byte sequences must encode values >= 0x80
|
|
580
|
+
if (codePoint < 0x80) {
|
|
581
|
+
units.push(0xFFFD); // replacement character
|
|
582
|
+
} else {
|
|
583
|
+
units.push(codePoint);
|
|
584
|
+
}
|
|
579
585
|
} else if ((byte1 & 0xf0) === 0xe0) {
|
|
580
586
|
// 3 bytes
|
|
581
587
|
const byte2 = src[position$1++] & 0x3f;
|
|
582
588
|
const byte3 = src[position$1++] & 0x3f;
|
|
583
|
-
|
|
589
|
+
const codePoint = ((byte1 & 0x1f) << 12) | (byte2 << 6) | byte3;
|
|
590
|
+
// Reject overlong encoding: 3-byte sequences must encode values >= 0x800
|
|
591
|
+
// Also reject surrogates (0xD800-0xDFFF)
|
|
592
|
+
if (codePoint < 0x800 || (codePoint >= 0xD800 && codePoint <= 0xDFFF)) {
|
|
593
|
+
units.push(0xFFFD); // replacement character
|
|
594
|
+
} else {
|
|
595
|
+
units.push(codePoint);
|
|
596
|
+
}
|
|
584
597
|
} else if ((byte1 & 0xf8) === 0xf0) {
|
|
585
598
|
// 4 bytes
|
|
586
599
|
const byte2 = src[position$1++] & 0x3f;
|
|
587
600
|
const byte3 = src[position$1++] & 0x3f;
|
|
588
601
|
const byte4 = src[position$1++] & 0x3f;
|
|
589
602
|
let unit = ((byte1 & 0x07) << 0x12) | (byte2 << 0x0c) | (byte3 << 0x06) | byte4;
|
|
590
|
-
|
|
603
|
+
// Reject overlong encoding: 4-byte sequences must encode values >= 0x10000
|
|
604
|
+
// Also reject values > 0x10FFFF (maximum valid Unicode)
|
|
605
|
+
if (unit < 0x10000 || unit > 0x10FFFF) {
|
|
606
|
+
units.push(0xFFFD); // replacement character
|
|
607
|
+
} else if (unit > 0xffff) {
|
|
591
608
|
unit -= 0x10000;
|
|
592
609
|
units.push(((unit >>> 10) & 0x3ff) | 0xd800);
|
|
593
610
|
unit = 0xdc00 | (unit & 0x3ff);
|
|
611
|
+
units.push(unit);
|
|
612
|
+
} else {
|
|
613
|
+
units.push(unit);
|
|
594
614
|
}
|
|
595
|
-
units.push(unit);
|
|
596
615
|
} else {
|
|
597
|
-
units.push(
|
|
616
|
+
units.push(0xFFFD); // replacement character for invalid lead byte
|
|
598
617
|
}
|
|
599
618
|
|
|
600
619
|
if (units.length >= 0x1000) {
|