Merge pull request #561 from panva/fix-validate-jws

fix: validate signatures regardless of JWT payloads
jsonwebtoken · Oct 21, 2021 · 6285677 · 6285677
2 parents 3d051ad + b2406d4
commit 6285677
Showing 1 changed file with 4 additions and 8 deletions.
diff --git a/src/editor/jwt.js b/src/editor/jwt.js
@@ -138,19 +138,15 @@ export function decode(jwt) {
         if (!isValidBase64String(split[1])) {
             result.warnings.push(strings.warnings.payloadBase64Invalid);
         }
-        result.payload = JSON.parse(b64u.decode(split[1]));
-    } catch (e) {
-        result.errors = true;
-    }
+        result.payload = b64u.decode(split[1]);
+    } catch (e) {}
 
     try {
         if (!isValidJSON(b64u.decode(split[1]))) {
             result.warnings.push(strings.warnings.payloadInvalidJSON);
-            result.payload = b64u.decode(split[1])
         }
-    } catch (e) {
-        result.errors = true;
-    }
+        result.payload = JSON.parse(b64u.decode(split[1]))
+    } catch (e) {}
 
     return result;
 }