qs 6.9.2 → 6.9.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +45 -0
  2. package/dist/qs.js +23 -9
  3. package/lib/parse.js +23 -9
  4. package/package.json +3 -3
  5. package/test/parse.js +8 -0
package/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## **6.9.3**
2
+ - [Fix] proper comma parsing of URL-encoded commas (#361)
3
+ - [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)
4
+
1
5
  ## **6.9.2**
2
6
  - [Fix] `parse`: Fix parsing array from object with `comma` true (#359)
3
7
  - [Fix] `parse`: throw a TypeError instead of an Error for bad charset (#349)
@@ -22,6 +26,23 @@
22
26
  - [Tests] up to `node` `v12.10`, `v11.15`, `v10.16`, `v8.16`
23
27
  - [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
24
28
 
29
+ ## **6.8.2**
30
+ - [Fix] proper comma parsing of URL-encoded commas (#361)
31
+ - [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)
32
+
33
+ ## **6.8.1**
34
+ - [Fix] `parse`: Fix parsing array from object with `comma` true (#359)
35
+ - [Fix] `parse`: throw a TypeError instead of an Error for bad charset (#349)
36
+ - [Fix] `parse`: with comma true, handle field that holds an array of arrays (#335)
37
+ - [fix] `parse`: with comma true, do not split non-string values (#334)
38
+ - [meta] add tidelift marketing copy
39
+ - [meta] add `funding` field
40
+ - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape`, `safe-publish-latest`, `evalmd`, `has-symbols`, `iconv-lite`, `mkdirp`, `object-inspect`
41
+ - [Tests] `parse`: add passing `arrayFormat` tests
42
+ - [Tests] use shared travis-ci configs
43
+ - [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
44
+ - [actions] add automatic rebasing / merge commit blocking
45
+
25
46
  ## **6.8.0**
26
47
  - [New] add `depth=false` to preserve the original key; [Fix] `depth=0` should preserve the original key (#326)
27
48
  - [New] [Fix] stringify symbols and bigints
@@ -36,6 +57,30 @@
36
57
  - [meta] add FUNDING.yml
37
58
  - [meta] Clean up license text so it’s properly detected as BSD-3-Clause
38
59
 
60
+ ## **6.7.2**
61
+ - [Fix] proper comma parsing of URL-encoded commas (#361)
62
+ - [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)
63
+
64
+ ## **6.7.1**
65
+ - [Fix] `parse`: Fix parsing array from object with `comma` true (#359)
66
+ - [Fix] `parse`: with comma true, handle field that holds an array of arrays (#335)
67
+ - [fix] `parse`: with comma true, do not split non-string values (#334)
68
+ - [Fix] `parse`: throw a TypeError instead of an Error for bad charset (#349)
69
+ - [Fix] fix for an impossible situation: when the formatter is called with a non-string value
70
+ - [Refactor] `formats`: tiny bit of cleanup.
71
+ - readme: add security note
72
+ - [meta] add tidelift marketing copy
73
+ - [meta] add `funding` field
74
+ - [meta] add FUNDING.yml
75
+ - [meta] Clean up license text so it’s properly detected as BSD-3-Clause
76
+ - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape`, `safe-publish-latest`, `evalmd`, `iconv-lite`, `mkdirp`, `object-inspect`, `browserify`
77
+ - [Tests] `parse`: add passing `arrayFormat` tests
78
+ - [Tests] use shared travis-ci configs
79
+ - [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
80
+ - [Tests] add tests for `depth=0` and `depth=false` behavior, both current and intuitive/intended
81
+ - [Tests] use `eclint` instead of `editorconfig-tools`
82
+ - [actions] add automatic rebasing / merge commit blocking
83
+
39
84
  ## **6.7.0**
40
85
  - [New] `stringify`/`parse`: add `comma` as an `arrayFormat` option (#276, #219)
41
86
  - [Fix] correctly parse nested arrays (#212)
package/dist/qs.js CHANGED
@@ -79,6 +79,17 @@ var parseArrayValue = function (val, options) {
79
79
  return val;
80
80
  };
81
81
 
82
+ var maybeMap = function maybeMap(val, fn) {
83
+ if (isArray(val)) {
84
+ var mapped = [];
85
+ for (var i = 0; i < val.length; i += 1) {
86
+ mapped.push(fn(val[i]));
87
+ }
88
+ return mapped;
89
+ }
90
+ return fn(val);
91
+ };
92
+
82
93
  // This is what browsers will submit when the ✓ character occurs in an
83
94
  // application/x-www-form-urlencoded body and the encoding of the page containing
84
95
  // the form is iso-8859-1, or when the submitted form has an accept-charset
@@ -127,15 +138,18 @@ var parseValues = function parseQueryStringValues(str, options) {
127
138
  val = options.strictNullHandling ? null : '';
128
139
  } else {
129
140
  key = options.decoder(part.slice(0, pos), defaults.decoder, charset, 'key');
130
- val = options.decoder(part.slice(pos + 1), defaults.decoder, charset, 'value');
141
+ val = maybeMap(
142
+ parseArrayValue(part.slice(pos + 1), options),
143
+ function (encodedVal) {
144
+ return options.decoder(encodedVal, defaults.decoder, charset, 'value');
145
+ }
146
+ );
131
147
  }
132
148
 
133
149
  if (val && options.interpretNumericEntities && charset === 'iso-8859-1') {
134
150
  val = interpretNumericEntities(val);
135
151
  }
136
152
 
137
- val = parseArrayValue(val, options);
138
-
139
153
  if (part.indexOf('[]=') > -1) {
140
154
  val = isArray(val) ? [val] : val;
141
155
  }
@@ -150,8 +164,8 @@ var parseValues = function parseQueryStringValues(str, options) {
150
164
  return obj;
151
165
  };
152
166
 
153
- var parseObject = function (chain, val, options) {
154
- var leaf = parseArrayValue(val, options);
167
+ var parseObject = function (chain, val, options, valuesParsed) {
168
+ var leaf = valuesParsed ? val : parseArrayValue(val, options);
155
169
 
156
170
  for (var i = chain.length - 1; i >= 0; --i) {
157
171
  var obj;
@@ -179,13 +193,13 @@ var parseObject = function (chain, val, options) {
179
193
  }
180
194
  }
181
195
 
182
- leaf = obj;
196
+ leaf = obj; // eslint-disable-line no-param-reassign
183
197
  }
184
198
 
185
199
  return leaf;
186
200
  };
187
201
 
188
- var parseKeys = function parseQueryStringKeys(givenKey, val, options) {
202
+ var parseKeys = function parseQueryStringKeys(givenKey, val, options, valuesParsed) {
189
203
  if (!givenKey) {
190
204
  return;
191
205
  }
@@ -236,7 +250,7 @@ var parseKeys = function parseQueryStringKeys(givenKey, val, options) {
236
250
  keys.push('[' + key.slice(segment.index) + ']');
237
251
  }
238
252
 
239
- return parseObject(keys, val, options);
253
+ return parseObject(keys, val, options, valuesParsed);
240
254
  };
241
255
 
242
256
  var normalizeParseOptions = function normalizeParseOptions(opts) {
@@ -288,7 +302,7 @@ module.exports = function (str, opts) {
288
302
  var keys = Object.keys(tempObj);
289
303
  for (var i = 0; i < keys.length; ++i) {
290
304
  var key = keys[i];
291
- var newObj = parseKeys(key, tempObj[key], options);
305
+ var newObj = parseKeys(key, tempObj[key], options, typeof str === 'string');
292
306
  obj = utils.merge(obj, newObj, options);
293
307
  }
294
308
 
package/lib/parse.js CHANGED
@@ -37,6 +37,17 @@ var parseArrayValue = function (val, options) {
37
37
  return val;
38
38
  };
39
39
 
40
+ var maybeMap = function maybeMap(val, fn) {
41
+ if (isArray(val)) {
42
+ var mapped = [];
43
+ for (var i = 0; i < val.length; i += 1) {
44
+ mapped.push(fn(val[i]));
45
+ }
46
+ return mapped;
47
+ }
48
+ return fn(val);
49
+ };
50
+
40
51
  // This is what browsers will submit when the ✓ character occurs in an
41
52
  // application/x-www-form-urlencoded body and the encoding of the page containing
42
53
  // the form is iso-8859-1, or when the submitted form has an accept-charset
@@ -85,15 +96,18 @@ var parseValues = function parseQueryStringValues(str, options) {
85
96
  val = options.strictNullHandling ? null : '';
86
97
  } else {
87
98
  key = options.decoder(part.slice(0, pos), defaults.decoder, charset, 'key');
88
- val = options.decoder(part.slice(pos + 1), defaults.decoder, charset, 'value');
99
+ val = maybeMap(
100
+ parseArrayValue(part.slice(pos + 1), options),
101
+ function (encodedVal) {
102
+ return options.decoder(encodedVal, defaults.decoder, charset, 'value');
103
+ }
104
+ );
89
105
  }
90
106
 
91
107
  if (val && options.interpretNumericEntities && charset === 'iso-8859-1') {
92
108
  val = interpretNumericEntities(val);
93
109
  }
94
110
 
95
- val = parseArrayValue(val, options);
96
-
97
111
  if (part.indexOf('[]=') > -1) {
98
112
  val = isArray(val) ? [val] : val;
99
113
  }
@@ -108,8 +122,8 @@ var parseValues = function parseQueryStringValues(str, options) {
108
122
  return obj;
109
123
  };
110
124
 
111
- var parseObject = function (chain, val, options) {
112
- var leaf = parseArrayValue(val, options);
125
+ var parseObject = function (chain, val, options, valuesParsed) {
126
+ var leaf = valuesParsed ? val : parseArrayValue(val, options);
113
127
 
114
128
  for (var i = chain.length - 1; i >= 0; --i) {
115
129
  var obj;
@@ -137,13 +151,13 @@ var parseObject = function (chain, val, options) {
137
151
  }
138
152
  }
139
153
 
140
- leaf = obj;
154
+ leaf = obj; // eslint-disable-line no-param-reassign
141
155
  }
142
156
 
143
157
  return leaf;
144
158
  };
145
159
 
146
- var parseKeys = function parseQueryStringKeys(givenKey, val, options) {
160
+ var parseKeys = function parseQueryStringKeys(givenKey, val, options, valuesParsed) {
147
161
  if (!givenKey) {
148
162
  return;
149
163
  }
@@ -194,7 +208,7 @@ var parseKeys = function parseQueryStringKeys(givenKey, val, options) {
194
208
  keys.push('[' + key.slice(segment.index) + ']');
195
209
  }
196
210
 
197
- return parseObject(keys, val, options);
211
+ return parseObject(keys, val, options, valuesParsed);
198
212
  };
199
213
 
200
214
  var normalizeParseOptions = function normalizeParseOptions(opts) {
@@ -246,7 +260,7 @@ module.exports = function (str, opts) {
246
260
  var keys = Object.keys(tempObj);
247
261
  for (var i = 0; i < keys.length; ++i) {
248
262
  var key = keys[i];
249
- var newObj = parseKeys(key, tempObj[key], options);
263
+ var newObj = parseKeys(key, tempObj[key], options, typeof str === 'string');
250
264
  obj = utils.merge(obj, newObj, options);
251
265
  }
252
266
 
package/package.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "name": "qs",
3
3
  "description": "A querystring parser that supports nesting and arrays, with a depth limit",
4
4
  "homepage": "https://github.com/ljharb/qs",
5
- "version": "6.9.2",
5
+ "version": "6.9.3",
6
6
  "repository": {
7
7
  "type": "git",
8
8
  "url": "https://github.com/ljharb/qs.git"
@@ -40,7 +40,7 @@
40
40
  "for-each": "^0.3.3",
41
41
  "has-symbols": "^1.0.1",
42
42
  "iconv-lite": "^0.5.1",
43
- "mkdirp": "^0.5.3",
43
+ "mkdirp": "^0.5.4",
44
44
  "object-inspect": "^1.7.0",
45
45
  "qs-iconv": "^1.0.4",
46
46
  "safe-publish-latest": "^1.1.4",
@@ -52,7 +52,7 @@
52
52
  "pretest": "npm run --silent readme && npm run --silent lint",
53
53
  "test": "npm run --silent coverage",
54
54
  "tests-only": "node test",
55
- "posttest": "npx aud",
55
+ "posttest": "npx aud --production",
56
56
  "readme": "evalmd README.md",
57
57
  "postlint": "eclint check * lib/* test/*",
58
58
  "lint": "eslint lib/*.js test/*.js",
package/test/parse.js CHANGED
@@ -429,6 +429,14 @@ test('parse()', function (t) {
429
429
  st.end();
430
430
  });
431
431
 
432
+ t.test('parses comma delimited array while having percent-encoded comma treated as normal text', function (st) {
433
+ st.deepEqual(qs.parse('foo=a%2Cb', { comma: true }), { foo: 'a,b' });
434
+ st.deepEqual(qs.parse('foo=a%2C%20b,d', { comma: true }), { foo: ['a, b', 'd'] });
435
+ st.deepEqual(qs.parse('foo=a%2C%20b,c%2C%20d', { comma: true }), { foo: ['a, b', 'c, d'] });
436
+
437
+ st.end();
438
+ });
439
+
432
440
  t.test('parses an object in dot notation', function (st) {
433
441
  var input = {
434
442
  'user.name': { 'pop[bob]': 3 },