qs 6.5.2 → 6.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/.editorconfig CHANGED
@@ -7,7 +7,7 @@ end_of_line = lf
7
7
  charset = utf-8
8
8
  trim_trailing_whitespace = true
9
9
  insert_final_newline = true
10
- max_line_length = 140
10
+ max_line_length = 160
11
11
 
12
12
  [test/*]
13
13
  max_line_length = off
package/.eslintrc CHANGED
@@ -9,8 +9,10 @@
9
9
  "func-name-matching": 0,
10
10
  "id-length": [2, { "min": 1, "max": 25, "properties": "never" }],
11
11
  "indent": [2, 4],
12
- "max-params": [2, 12],
13
- "max-statements": [2, 45],
12
+ "max-lines-per-function": [2, { "max": 150 }],
13
+ "max-params": [2, 14],
14
+ "max-statements": [2, 52],
15
+ "multiline-comment-style": 0,
14
16
  "no-continue": 1,
15
17
  "no-magic-numbers": 0,
16
18
  "no-restricted-syntax": [2, "BreakStatement", "DebuggerStatement", "ForInStatement", "LabeledStatement", "WithStatement"],
package/CHANGELOG.md CHANGED
@@ -1,3 +1,33 @@
1
+ ## **6.7.0**
2
+ - [New] `stringify`/`parse`: add `comma` as an `arrayFormat` option (#276, #219)
3
+ - [Fix] correctly parse nested arrays (#212)
4
+ - [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source, also with an array source
5
+ - [Robustness] `stringify`: cache `Object.prototype.hasOwnProperty`
6
+ - [Refactor] `utils`: `isBuffer`: small tweak; add tests
7
+ - [Refactor] use cached `Array.isArray`
8
+ - [Refactor] `parse`/`stringify`: make a function to normalize the options
9
+ - [Refactor] `utils`: reduce observable [[Get]]s
10
+ - [Refactor] `stringify`/`utils`: cache `Array.isArray`
11
+ - [Tests] always use `String(x)` over `x.toString()`
12
+ - [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
13
+ - [Tests] temporarily allow coverage to fail
14
+
15
+ ## **6.6.0**
16
+ - [New] Add support for iso-8859-1, utf8 "sentinel" and numeric entities (#268)
17
+ - [New] move two-value combine to a `utils` function (#189)
18
+ - [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
19
+ - [Fix] when `parseArrays` is false, properly handle keys ending in `[]` (#260)
20
+ - [Fix] `stringify`: do not crash in an obscure combo of `interpretNumericEntities`, a bad custom `decoder`, & `iso-8859-1`
21
+ - [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
22
+ - [refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
23
+ - [Refactor] `parse`: only need to reassign the var once
24
+ - [Refactor] `parse`/`stringify`: clean up `charset` options checking; fix defaults
25
+ - [Refactor] add missing defaults
26
+ - [Refactor] `parse`: one less `concat` call
27
+ - [Refactor] `utils`: `compactQueue`: make it explicitly side-effecting
28
+ - [Dev Deps] update `browserify`, `eslint`, `@ljharb/eslint-config`, `iconv-lite`, `safe-publish-latest`, `tape`
29
+ - [Tests] up to `node` `v10.10`, `v9.11`, `v8.12`, `v6.14`, `v4.9`; pin included builds to LTS
30
+
1
31
  ## **6.5.2**
2
32
  - [Fix] use `safer-buffer` instead of `Buffer` constructor
3
33
  - [Refactor] utils: `module.exports` one thing, instead of mutating `exports` (#230)
package/README.md CHANGED
@@ -146,6 +146,62 @@ var withDots = qs.parse('a.b=c', { allowDots: true });
146
146
  assert.deepEqual(withDots, { a: { b: 'c' } });
147
147
  ```
148
148
 
149
+ If you have to deal with legacy browsers or services, there's
150
+ also support for decoding percent-encoded octets as iso-8859-1:
151
+
152
+ ```javascript
153
+ var oldCharset = qs.parse('a=%A7', { charset: 'iso-8859-1' });
154
+ assert.deepEqual(oldCharset, { a: '§' });
155
+ ```
156
+
157
+ Some services add an initial `utf8=✓` value to forms so that old
158
+ Internet Explorer versions are more likely to submit the form as
159
+ utf-8. Additionally, the server can check the value against wrong
160
+ encodings of the checkmark character and detect that a query string
161
+ or `application/x-www-form-urlencoded` body was *not* sent as
162
+ utf-8, eg. if the form had an `accept-charset` parameter or the
163
+ containing page had a different character set.
164
+
165
+ **qs** supports this mechanism via the `charsetSentinel` option.
166
+ If specified, the `utf8` parameter will be omitted from the
167
+ returned object. It will be used to switch to `iso-8859-1`/`utf-8`
168
+ mode depending on how the checkmark is encoded.
169
+
170
+ **Important**: When you specify both the `charset` option and the
171
+ `charsetSentinel` option, the `charset` will be overridden when
172
+ the request contains a `utf8` parameter from which the actual
173
+ charset can be deduced. In that sense the `charset` will behave
174
+ as the default charset rather than the authoritative charset.
175
+
176
+ ```javascript
177
+ var detectedAsUtf8 = qs.parse('utf8=%E2%9C%93&a=%C3%B8', {
178
+ charset: 'iso-8859-1',
179
+ charsetSentinel: true
180
+ });
181
+ assert.deepEqual(detectedAsUtf8, { a: 'ø' });
182
+
183
+ // Browsers encode the checkmark as &#10003; when submitting as iso-8859-1:
184
+ var detectedAsIso8859_1 = qs.parse('utf8=%26%2310003%3B&a=%F8', {
185
+ charset: 'utf-8',
186
+ charsetSentinel: true
187
+ });
188
+ assert.deepEqual(detectedAsIso8859_1, { a: 'ø' });
189
+ ```
190
+
191
+ If you want to decode the `&#...;` syntax to the actual character,
192
+ you can specify the `interpretNumericEntities` option as well:
193
+
194
+ ```javascript
195
+ var detectedAsIso8859_1 = qs.parse('a=%26%239786%3B', {
196
+ charset: 'iso-8859-1',
197
+ interpretNumericEntities: true
198
+ });
199
+ assert.deepEqual(detectedAsIso8859_1, { a: '☺' });
200
+ ```
201
+
202
+ It also works when the charset has been detected in `charsetSentinel`
203
+ mode.
204
+
149
205
  ### Parsing Arrays
150
206
 
151
207
  **qs** can also parse arrays using a similar `[]` notation:
@@ -182,7 +238,7 @@ assert.deepEqual(withIndexedEmptyString, { a: ['b', '', 'c'] });
182
238
  ```
183
239
 
184
240
  **qs** will also limit specifying indices in an array to a maximum index of `20`. Any array members with an index of greater than `20` will
185
- instead be converted to an object with the index as the key:
241
+ instead be converted to an object with the index as the key. This is needed to handle cases when someone sent, for example, `a[999999999]` and it will take significant time to iterate over this huge array.
186
242
 
187
243
  ```javascript
188
244
  var withMaxIndex = qs.parse('a[100]=b');
@@ -217,6 +273,13 @@ var arraysOfObjects = qs.parse('a[][b]=c');
217
273
  assert.deepEqual(arraysOfObjects, { a: [{ b: 'c' }] });
218
274
  ```
219
275
 
276
+ Some people use comma to join array, **qs** can parse it:
277
+ ```javascript
278
+ var arraysOfObjects = qs.parse('a=b,c', { comma: true })
279
+ assert.deepEqual(arraysOfObjects, { a: ['b', 'c'] })
280
+ ```
281
+ (_this cannot convert nested objects, such as `a={b:1},{c:d}`_)
282
+
220
283
  ### Stringifying
221
284
 
222
285
  [](#preventEval)
@@ -292,6 +355,8 @@ qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'brackets' })
292
355
  // 'a[]=b&a[]=c'
293
356
  qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'repeat' })
294
357
  // 'a=b&a=c'
358
+ qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'comma' })
359
+ // 'a=b,c'
295
360
  ```
296
361
 
297
362
  When objects are stringified, by default they use bracket notation:
@@ -426,10 +491,40 @@ var nullsSkipped = qs.stringify({ a: 'b', c: null}, { skipNulls: true });
426
491
  assert.equal(nullsSkipped, 'a=b');
427
492
  ```
428
493
 
494
+ If you're communicating with legacy systems, you can switch to `iso-8859-1`
495
+ using the `charset` option:
496
+
497
+ ```javascript
498
+ var iso = qs.stringify({ æ: 'æ' }, { charset: 'iso-8859-1' });
499
+ assert.equal(iso, '%E6=%E6');
500
+ ```
501
+
502
+ Characters that don't exist in `iso-8859-1` will be converted to numeric
503
+ entities, similar to what browsers do:
504
+
505
+ ```javascript
506
+ var numeric = qs.stringify({ a: '☺' }, { charset: 'iso-8859-1' });
507
+ assert.equal(numeric, 'a=%26%239786%3B');
508
+ ```
509
+
510
+ You can use the `charsetSentinel` option to announce the character by
511
+ including an `utf8=✓` parameter with the proper encoding if the checkmark,
512
+ similar to what Ruby on Rails and others do when submitting forms.
513
+
514
+ ```javascript
515
+ var sentinel = qs.stringify({ a: '☺' }, { charsetSentinel: true });
516
+ assert.equal(sentinel, 'utf8=%E2%9C%93&a=%E2%98%BA');
517
+
518
+ var isoSentinel = qs.stringify({ a: 'æ' }, { charsetSentinel: true, charset: 'iso-8859-1' });
519
+ assert.equal(isoSentinel, 'utf8=%26%2310003%3B&a=%E6');
520
+ ```
521
+
429
522
  ### Dealing with special character sets
430
523
 
431
- By default the encoding and decoding of characters is done in `utf-8`. If you
432
- wish to encode querystrings to a different character set (i.e.
524
+ By default the encoding and decoding of characters is done in `utf-8`,
525
+ and `iso-8859-1` support is also built in via the `charset` parameter.
526
+
527
+ If you wish to encode querystrings to a different character set (i.e.
433
528
  [Shift JIS](https://en.wikipedia.org/wiki/Shift_JIS)) you can use the
434
529
  [`qs-iconv`](https://github.com/martinheidegger/qs-iconv) library:
435
530