Enforce stricter integer parsing on encode function #24
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently, the
encode
function in hashids is usingparseInt
in order to validate that a stringified number is indeed a number before encoding. However, there is a caveat toparseInt
, detailed in MDN's documentation:If an API consumer were to pass
hashids.encode('B6')
, this would result in a proper result of''
since the API specifies returning an empty string if an integer is not received.However, if the consumer were to pass
hashids.encode('6B')
, theparseInt
function would parse this as6
and ignore the succeeding characters. This would allow the encode function to continue with the encode, even though the function was passed a bad value.I've updated the tests to demonstrate the issue. To address the bug, I added a stricter
filterInt
function. This function verifies that the number being passed is indeed an integer before executingparseInt
. I pulledfilterInt
from MDN's documentation on parseInt and modified it to be a bit cleaner.Thanks to @juliancoleman for pairing with me to find/implement a fix for this bug.