diff --git a/README.md b/README.md index 921292b2..8395bfe4 100644 --- a/README.md +++ b/README.md @@ -12,13 +12,18 @@ The **qs** module was originally created and maintained by [TJ Holowaychuk](http ```javascript var qs = require('qs'); +var assert = require('assert'); -var obj = qs.parse('a=c'); // { a: 'c' } -var str = qs.stringify(obj); // 'a=c' +var obj = qs.parse('a=c'); +assert.deepEqual(obj, { a: 'c' }); + +var str = qs.stringify(obj); +assert.equal(str, 'a=c'); ``` ### Parsing Objects +[](#preventEval) ```javascript qs.parse(string, [options]); ``` @@ -27,51 +32,52 @@ qs.parse(string, [options]); For example, the string `'foo[bar]=baz'` converts to: ```javascript -{ +assert.deepEqual(qs.parse('foo[bar]=baz'), { foo: { bar: 'baz' } -} +}); ``` When using the `plainObjects` option the parsed value is returned as a plain object, created via `Object.create(null)` and as such you should be aware that prototype methods will not exist on it and a user may set those names to whatever value they like: ```javascript -qs.parse('a.hasOwnProperty=b', { plainObjects: true }); -// { a: { hasOwnProperty: 'b' } } +var plainObject = qs.parse('a[hasOwnProperty]=b', { plainObjects: true }); +assert.deepEqual(plainObject, { a: { hasOwnProperty: 'b' } }); ``` By default parameters that would overwrite properties on the object prototype are ignored, if you wish to keep the data from those fields either use `plainObjects` as mentioned above, or set `allowPrototypes` to `true` which will allow user input to overwrite those properties. *WARNING* It is generally a bad idea to enable this option as it can cause problems when attempting to use the properties that have been overwritten. Always be careful with this option. ```javascript -qs.parse('a.hasOwnProperty=b', { allowPrototypes: true }); -// { a: { hasOwnProperty: 'b' } } +var protoObject = qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true }); +assert.deepEqual(protoObject, { a: { hasOwnProperty: 'b' } }); ``` URI encoded strings work too: ```javascript -qs.parse('a%5Bb%5D=c'); -// { a: { b: 'c' } } +assert.deepEqual(qs.parse('a%5Bb%5D=c'), { + a: { b: 'c' } +}); ``` You can also nest your objects, like `'foo[bar][baz]=foobarbaz'`: ```javascript -{ +assert.deepEqual(qs.parse('foo[bar][baz]=foobarbaz'), { foo: { bar: { baz: 'foobarbaz' } } -} +}); ``` By default, when nesting objects **qs** will only parse up to 5 children deep. This means if you attempt to parse a string like `'a[b][c][d][e][f][g][h][i]=j'` your resulting object will be: ```javascript -{ +var expected = { a: { b: { c: { @@ -85,14 +91,16 @@ By default, when nesting objects **qs** will only parse up to 5 children deep. T } } } -} +}; +var string = 'a[b][c][d][e][f][g][h][i]=j'; +assert.deepEqual(qs.parse(string), expected); ``` This depth can be overridden by passing a `depth` option to `qs.parse(string, [options])`: ```javascript -qs.parse('a[b][c][d][e][f][g][h][i]=j', { depth: 1 }); -// { a: { b: { '[c][d][e][f][g][h][i]': 'j' } } } +var deep = qs.parse('a[b][c][d][e][f][g][h][i]=j', { depth: 1 }); +assert.deepEqual(deep, { a: { b: { '[c][d][e][f][g][h][i]': 'j' } } }); ``` The depth limit helps mitigate abuse when **qs** is used to parse user input, and it is recommended to keep it a reasonably small number. @@ -100,29 +108,29 @@ The depth limit helps mitigate abuse when **qs** is used to parse user input, an For similar reasons, by default **qs** will only parse up to 1000 parameters. This can be overridden by passing a `parameterLimit` option: ```javascript -qs.parse('a=b&c=d', { parameterLimit: 1 }); -// { a: 'b' } +var limited = qs.parse('a=b&c=d', { parameterLimit: 1 }); +assert.deepEqual(limited, { a: 'b' }); ``` An optional delimiter can also be passed: ```javascript -qs.parse('a=b;c=d', { delimiter: ';' }); -// { a: 'b', c: 'd' } +var delimited = qs.parse('a=b;c=d', { delimiter: ';' }); +assert.deepEqual(delimited, { a: 'b', c: 'd' }); ``` Delimiters can be a regular expression too: ```javascript -qs.parse('a=b;c=d,e=f', { delimiter: /[;,]/ }); -// { a: 'b', c: 'd', e: 'f' } +var regexed = qs.parse('a=b;c=d,e=f', { delimiter: /[;,]/ }); +assert.deepEqual(regexed, { a: 'b', c: 'd', e: 'f' }); ``` Option `allowDots` can be used to enable dot notation: ```javascript -qs.parse('a.b=c', { allowDots: true }); -// { a: { b: 'c' } } +var withDots = qs.parse('a.b=c', { allowDots: true }); +assert.deepEqual(withDots, { a: { b: 'c' } }); ``` ### Parsing Arrays @@ -130,15 +138,15 @@ qs.parse('a.b=c', { allowDots: true }); **qs** can also parse arrays using a similar `[]` notation: ```javascript -qs.parse('a[]=b&a[]=c'); -// { a: ['b', 'c'] } +var withArray = qs.parse('a[]=b&a[]=c'); +assert.deepEqual(withArray, { a: ['b', 'c'] }); ``` You may specify an index as well: ```javascript -qs.parse('a[1]=c&a[0]=b'); -// { a: ['b', 'c'] } +var withIndexes = qs.parse('a[1]=c&a[0]=b'); +assert.deepEqual(withIndexes, { a: ['b', 'c'] }); ``` Note that the only difference between an index in an array and a key in an object is that the value between the brackets must be a number @@ -146,57 +154,59 @@ to create an array. When creating arrays with specific indices, **qs** will comp their order: ```javascript -qs.parse('a[1]=b&a[15]=c'); -// { a: ['b', 'c'] } +var noSparse = qs.parse('a[1]=b&a[15]=c'); +assert.deepEqual(noSparse, { a: ['b', 'c'] }); ``` Note that an empty string is also a value, and will be preserved: ```javascript -qs.parse('a[]=&a[]=b'); -// { a: ['', 'b'] } -qs.parse('a[0]=b&a[1]=&a[2]=c'); -// { a: ['b', '', 'c'] } +var withEmptyString = qs.parse('a[]=&a[]=b'); +assert.deepEqual(withEmptyString, { a: ['', 'b'] }); + +var withIndexedEmptyString = qs.parse('a[0]=b&a[1]=&a[2]=c'); +assert.deepEqual(withIndexedEmptyString, { a: ['b', '', 'c'] }); ``` **qs** will also limit specifying indices in an array to a maximum index of `20`. Any array members with an index of greater than `20` will instead be converted to an object with the index as the key: ```javascript -qs.parse('a[100]=b'); -// { a: { '100': 'b' } } +var withMaxIndex = qs.parse('a[100]=b'); +assert.deepEqual(withMaxIndex, { a: { '100': 'b' } }); ``` This limit can be overridden by passing an `arrayLimit` option: ```javascript -qs.parse('a[1]=b', { arrayLimit: 0 }); -// { a: { '1': 'b' } } +var withArrayLimit = qs.parse('a[1]=b', { arrayLimit: 0 }); +assert.deepEqual(withArrayLimit, { a: { '1': 'b' } }); ``` To disable array parsing entirely, set `parseArrays` to `false`. ```javascript -qs.parse('a[]=b', { parseArrays: false }); -// { a: { '0': 'b' } } +var noParsingArrays = qs.parse('a[]=b', { parseArrays: false }); +assert.deepEqual(noParsingArrays, { a: { '0': 'b' } }); ``` If you mix notations, **qs** will merge the two items into an object: ```javascript -qs.parse('a[0]=b&a[b]=c'); -// { a: { '0': 'b', b: 'c' } } +var mixedNotation = qs.parse('a[0]=b&a[b]=c'); +assert.deepEqual(mixedNotation, { a: { '0': 'b', b: 'c' } }); ``` You can also create arrays of objects: ```javascript -qs.parse('a[][b]=c'); -// { a: [{ b: 'c' }] } +var arraysOfObjects = qs.parse('a[][b]=c'); +assert.deepEqual(arraysOfObjects, { a: [{ b: 'c' }] }); ``` ### Stringifying +[](#preventEval) ```javascript qs.stringify(object, [options]); ``` @@ -204,17 +214,15 @@ qs.stringify(object, [options]); When stringifying, **qs** by default URI encodes output. Objects are stringified as you would expect: ```javascript -qs.stringify({ a: 'b' }); -// 'a=b' -qs.stringify({ a: { b: 'c' } }); -// 'a%5Bb%5D=c' +assert.equal(qs.stringify({ a: 'b' }), 'a=b'); +assert.equal(qs.stringify({ a: { b: 'c' } }), 'a%5Bb%5D=c'); ``` This encoding can be disabled by setting the `encode` option to `false`: ```javascript -qs.stringify({ a: { b: 'c' } }, { encode: false }); -// 'a[b]=c' +var unencoded = qs.stringify({ a: { b: 'c' } }, { encode: false }); +assert.equal(unencoded, 'a[b]=c'); ``` Examples beyond this point will be shown as though the output is not URI encoded for clarity. Please note that the return values in these cases *will* be URI encoded during real usage. @@ -247,22 +255,19 @@ qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'repeat' }) Empty strings and null values will omit the value, but the equals sign (=) remains in place: ```javascript -qs.stringify({ a: '' }); -// 'a=' +assert.equal(qs.stringify({ a: '' }), 'a='); ``` Properties that are set to `undefined` will be omitted entirely: ```javascript -qs.stringify({ a: null, b: undefined }); -// 'a=' +assert.equal(qs.stringify({ a: null, b: undefined }), 'a='); ``` The delimiter may be overridden with stringify as well: ```javascript -qs.stringify({ a: 'b', c: 'd' }, { delimiter: ';' }); -// 'a=b;c=d' +assert.equal(qs.stringify({ a: 'b', c: 'd' }, { delimiter: ';' }), 'a=b;c=d'); ``` Finally, you can use the `filter` option to restrict which keys will be included in the stringified output. @@ -283,11 +288,11 @@ function filterFunc(prefix, value) { } return value; } -qs.stringify({ a: 'b', c: 'd', e: { f: new Date(123), g: [2] } }, { filter: filterFunc }) +qs.stringify({ a: 'b', c: 'd', e: { f: new Date(123), g: [2] } }, { filter: filterFunc }); // 'a=b&c=d&e[f]=123&e[g][0]=4' -qs.stringify({ a: 'b', c: 'd', e: 'f' }, { filter: ['a', 'e'] }) +qs.stringify({ a: 'b', c: 'd', e: 'f' }, { filter: ['a', 'e'] }); // 'a=b&e=f' -qs.stringify({ a: ['b', 'c', 'd'], e: 'f' }, { filter: ['a', 0, 2] }) +qs.stringify({ a: ['b', 'c', 'd'], e: 'f' }, { filter: ['a', 0, 2] }); // 'a[0]=b&a[2]=d' ``` @@ -296,36 +301,35 @@ qs.stringify({ a: ['b', 'c', 'd'], e: 'f' }, { filter: ['a', 0, 2] }) By default, `null` values are treated like empty strings: ```javascript -qs.stringify({ a: null, b: '' }); -// 'a=&b=' +var withNull = qs.stringify({ a: null, b: '' }); +assert.equal(withNull, 'a=&b='); ``` Parsing does not distinguish between parameters with and without equal signs. Both are converted to empty strings. ```javascript -qs.parse('a&b=') -// { a: '', b: '' } +var equalsInsensitive = qs.parse('a&b='); +assert.deepEqual(equalsInsensitive, { a: '', b: '' }); ``` To distinguish between `null` values and empty strings use the `strictNullHandling` flag. In the result string the `null` values have no `=` sign: ```javascript -qs.stringify({ a: null, b: '' }, { strictNullHandling: true }); -// 'a&b=' +var strictNull = qs.stringify({ a: null, b: '' }, { strictNullHandling: true }); +assert.equal(strictNull, 'a&b='); ``` To parse values without `=` back to `null` use the `strictNullHandling` flag: ```javascript -qs.parse('a&b=', { strictNullHandling: true }); -// { a: null, b: '' } - +var parsedStrictNull = qs.parse('a&b=', { strictNullHandling: true }); +assert.deepEqual(parsedStrictNull, { a: null, b: '' }); ``` To completely skip rendering keys with `null` values, use the `skipNulls` flag: ```javascript -qs.stringify({ a: 'b', c: null}, { skipNulls: true }) -// 'a=b' +var nullsSkipped = qs.stringify({ a: 'b', c: null}, { skipNulls: true }); +assert.equal(nullsSkipped, 'a=b'); ``` diff --git a/package.json b/package.json index f0d4573b..0f1de91c 100644 --- a/package.json +++ b/package.json @@ -30,11 +30,13 @@ "mkdirp": "^0.5.1", "eslint": "^1.10.3", "@ljharb/eslint-config": "^1.6.1", - "parallelshell": "^2.0.0" + "parallelshell": "^2.0.0", + "evalmd": "^0.0.16" }, "scripts": { - "test": "parallelshell 'npm run lint' 'npm run coverage'", - "tests-only": "node test", + "test": "parallelshell 'npm run readme' 'npm run lint' 'npm run coverage'", + "tests-only": "parallelshell 'npm run readme' 'node test'", + "readme": "evalmd README.md", "lint": "eslint lib/*.js text/*.js", "coverage": "covert test", "dist": "mkdirp dist && browserify --standalone Qs lib/index.js > dist/qs.js",