parse_object_value: prevent URLs to be interpreted as a query string …

…value object fix #37
maxlath · Nov 3, 2017 · b93e37e · b93e37e
1 parent f09da55
commit b93e37e
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/lib/edit/parse_object_value.js b/lib/edit/parse_object_value.js
@@ -16,6 +16,13 @@ module.exports = value => {
     }
   }
 
+  // Don't let strings including special characters
+  // go through the query string parser.
+  // Especially, don't let URLs be interpreted as a query string.
+  // The test here after rely on the fact that object values
+  // never have a key with special characters
+  if (/\W+/.test(value.split('=')[0])) return value
+
   // query string parser
   const equalCount = countChar(value, '=')
   const andCount = countChar(value, '&')