qs 6.3.1 → 6.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/dist/qs.js +9 -6
- package/lib/index.js +0 -0
- package/lib/parse.js +6 -5
- package/lib/stringify.js +0 -0
- package/lib/utils.js +3 -1
- package/package.json +2 -2
- package/test/parse.js +37 -2
- package/test/stringify.js +0 -0
- package/test/utils.js +0 -0
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,10 @@
|
|
|
1
|
+
## **6.3.2**
|
|
2
|
+
- [Fix] follow `allowPrototypes` option during merge (#201, #200)
|
|
3
|
+
- [Dev Deps] update `eslint`
|
|
4
|
+
- [Fix] chmod a-x
|
|
5
|
+
- [Fix] support keys starting with brackets (#202, #200)
|
|
6
|
+
- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
|
|
7
|
+
|
|
1
8
|
## **6.3.1**
|
|
2
9
|
- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties (thanks, @snyk!)
|
|
3
10
|
- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `iconv-lite`, `qs-iconv`, `tape`
|
package/dist/qs.js
CHANGED
|
@@ -118,26 +118,27 @@ var parseKeys = function parseQueryStringKeys(givenKey, val, options) {
|
|
|
118
118
|
|
|
119
119
|
// The regex chunks
|
|
120
120
|
|
|
121
|
-
var
|
|
121
|
+
var brackets = /(\[[^[\]]*])/;
|
|
122
122
|
var child = /(\[[^[\]]*])/g;
|
|
123
123
|
|
|
124
124
|
// Get the parent
|
|
125
125
|
|
|
126
|
-
var segment =
|
|
126
|
+
var segment = brackets.exec(key);
|
|
127
|
+
var parent = segment ? key.slice(0, segment.index) : key;
|
|
127
128
|
|
|
128
129
|
// Stash the parent if it exists
|
|
129
130
|
|
|
130
131
|
var keys = [];
|
|
131
|
-
if (
|
|
132
|
+
if (parent) {
|
|
132
133
|
// If we aren't using plain objects, optionally prefix keys
|
|
133
134
|
// that would overwrite object prototype properties
|
|
134
|
-
if (!options.plainObjects && has.call(Object.prototype,
|
|
135
|
+
if (!options.plainObjects && has.call(Object.prototype, parent)) {
|
|
135
136
|
if (!options.allowPrototypes) {
|
|
136
137
|
return;
|
|
137
138
|
}
|
|
138
139
|
}
|
|
139
140
|
|
|
140
|
-
keys.push(
|
|
141
|
+
keys.push(parent);
|
|
141
142
|
}
|
|
142
143
|
|
|
143
144
|
// Loop through children appending to the array until we hit depth
|
|
@@ -435,7 +436,9 @@ exports.merge = function (target, source, options) {
|
|
|
435
436
|
if (Array.isArray(target)) {
|
|
436
437
|
target.push(source);
|
|
437
438
|
} else if (typeof target === 'object') {
|
|
438
|
-
|
|
439
|
+
if (options.plainObjects || options.allowPrototypes || !has.call(Object.prototype, source)) {
|
|
440
|
+
target[source] = true;
|
|
441
|
+
}
|
|
439
442
|
} else {
|
|
440
443
|
return [target, source];
|
|
441
444
|
}
|
package/lib/index.js
CHANGED
|
File without changes
|
package/lib/parse.js
CHANGED
|
@@ -84,26 +84,27 @@ var parseKeys = function parseQueryStringKeys(givenKey, val, options) {
|
|
|
84
84
|
|
|
85
85
|
// The regex chunks
|
|
86
86
|
|
|
87
|
-
var
|
|
87
|
+
var brackets = /(\[[^[\]]*])/;
|
|
88
88
|
var child = /(\[[^[\]]*])/g;
|
|
89
89
|
|
|
90
90
|
// Get the parent
|
|
91
91
|
|
|
92
|
-
var segment =
|
|
92
|
+
var segment = brackets.exec(key);
|
|
93
|
+
var parent = segment ? key.slice(0, segment.index) : key;
|
|
93
94
|
|
|
94
95
|
// Stash the parent if it exists
|
|
95
96
|
|
|
96
97
|
var keys = [];
|
|
97
|
-
if (
|
|
98
|
+
if (parent) {
|
|
98
99
|
// If we aren't using plain objects, optionally prefix keys
|
|
99
100
|
// that would overwrite object prototype properties
|
|
100
|
-
if (!options.plainObjects && has.call(Object.prototype,
|
|
101
|
+
if (!options.plainObjects && has.call(Object.prototype, parent)) {
|
|
101
102
|
if (!options.allowPrototypes) {
|
|
102
103
|
return;
|
|
103
104
|
}
|
|
104
105
|
}
|
|
105
106
|
|
|
106
|
-
keys.push(
|
|
107
|
+
keys.push(parent);
|
|
107
108
|
}
|
|
108
109
|
|
|
109
110
|
// Loop through children appending to the array until we hit depth
|
package/lib/stringify.js
CHANGED
|
File without changes
|
package/lib/utils.js
CHANGED
|
@@ -31,7 +31,9 @@ exports.merge = function (target, source, options) {
|
|
|
31
31
|
if (Array.isArray(target)) {
|
|
32
32
|
target.push(source);
|
|
33
33
|
} else if (typeof target === 'object') {
|
|
34
|
-
|
|
34
|
+
if (options.plainObjects || options.allowPrototypes || !has.call(Object.prototype, source)) {
|
|
35
|
+
target[source] = true;
|
|
36
|
+
}
|
|
35
37
|
} else {
|
|
36
38
|
return [target, source];
|
|
37
39
|
}
|
package/package.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"name": "qs",
|
|
3
3
|
"description": "A querystring parser that supports nesting and arrays, with a depth limit",
|
|
4
4
|
"homepage": "https://github.com/ljharb/qs",
|
|
5
|
-
"version": "6.3.
|
|
5
|
+
"version": "6.3.2",
|
|
6
6
|
"repository": {
|
|
7
7
|
"type": "git",
|
|
8
8
|
"url": "https://github.com/ljharb/qs.git"
|
|
@@ -27,7 +27,7 @@
|
|
|
27
27
|
"@ljharb/eslint-config": "^11.0.0",
|
|
28
28
|
"browserify": "^14.1.0",
|
|
29
29
|
"covert": "^1.1.0",
|
|
30
|
-
"eslint": "^3.
|
|
30
|
+
"eslint": "^3.17.0",
|
|
31
31
|
"evalmd": "^0.0.17",
|
|
32
32
|
"iconv-lite": "^0.4.15",
|
|
33
33
|
"mkdirp": "^0.5.1",
|
package/test/parse.js
CHANGED
|
@@ -152,8 +152,6 @@ test('parse()', function (t) {
|
|
|
152
152
|
st.end();
|
|
153
153
|
});
|
|
154
154
|
|
|
155
|
-
t.deepEqual(qs.parse('a[b]=c&a=d'), { a: { b: 'c', d: true } }, 'can add keys to objects');
|
|
156
|
-
|
|
157
155
|
t.test('correctly prunes undefined values when converting an array to an object', function (st) {
|
|
158
156
|
st.deepEqual(qs.parse('a[2]=b&a[99999999]=c'), { a: { 2: 'b', 99999999: 'c' } });
|
|
159
157
|
st.end();
|
|
@@ -441,6 +439,43 @@ test('parse()', function (t) {
|
|
|
441
439
|
|
|
442
440
|
t.test('params starting with a closing bracket', function (st) {
|
|
443
441
|
st.deepEqual(qs.parse(']=toString'), { ']': 'toString' });
|
|
442
|
+
st.deepEqual(qs.parse(']]=toString'), { ']]': 'toString' });
|
|
443
|
+
st.deepEqual(qs.parse(']hello]=toString'), { ']hello]': 'toString' });
|
|
444
|
+
st.end();
|
|
445
|
+
});
|
|
446
|
+
|
|
447
|
+
t.test('params starting with a starting bracket', function (st) {
|
|
448
|
+
st.deepEqual(qs.parse('[=toString'), { '[': 'toString' });
|
|
449
|
+
st.deepEqual(qs.parse('[[=toString'), { '[[': 'toString' });
|
|
450
|
+
st.deepEqual(qs.parse('[hello[=toString'), { '[hello[': 'toString' });
|
|
451
|
+
st.end();
|
|
452
|
+
});
|
|
453
|
+
|
|
454
|
+
t.test('add keys to objects', function (st) {
|
|
455
|
+
st.deepEqual(
|
|
456
|
+
qs.parse('a[b]=c&a=d'),
|
|
457
|
+
{ a: { b: 'c', d: true } },
|
|
458
|
+
'can add keys to objects'
|
|
459
|
+
);
|
|
460
|
+
|
|
461
|
+
st.deepEqual(
|
|
462
|
+
qs.parse('a[b]=c&a=toString'),
|
|
463
|
+
{ a: { b: 'c' } },
|
|
464
|
+
'can not overwrite prototype'
|
|
465
|
+
);
|
|
466
|
+
|
|
467
|
+
st.deepEqual(
|
|
468
|
+
qs.parse('a[b]=c&a=toString', { allowPrototypes: true }),
|
|
469
|
+
{ a: { b: 'c', toString: true } },
|
|
470
|
+
'can overwrite prototype with allowPrototypes true'
|
|
471
|
+
);
|
|
472
|
+
|
|
473
|
+
st.deepEqual(
|
|
474
|
+
qs.parse('a[b]=c&a=toString', { plainObjects: true }),
|
|
475
|
+
{ a: { b: 'c', toString: true } },
|
|
476
|
+
'can overwrite prototype with plainObjects true'
|
|
477
|
+
);
|
|
478
|
+
|
|
444
479
|
st.end();
|
|
445
480
|
});
|
|
446
481
|
|
package/test/stringify.js
CHANGED
|
File without changes
|
package/test/utils.js
CHANGED
|
File without changes
|