fix: prevent numeric overflow with hashStr function (#141)

The 'data-react-paypal-script-id' attribute uses the hash value from this `hashStr(JSON.stringify(options))` function. This change fixes an issue where a large `options` object could cause a numeric overflow.
paypal · Aug 17, 2021 · 9914f60 · 9914f60
1 parent 002059d
commit 9914f60
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 5 deletions.
diff --git a/src/utils.test.js b/src/utils.test.js
@@ -0,0 +1,30 @@
+import { hashStr } from "./utils";
+
+describe("hashStr", () => {
+    test("should match the hash from the argument string", () => {
+        expect(hashStr("react")).toMatchInlineSnapshot(`"xxhjw"`);
+        expect(hashStr("react-js.braintree")).toMatchInlineSnapshot(
+            `"xxhjbzppoallaomelb"`
+        );
+        expect(hashStr("react-js.paypal")).toMatchInlineSnapshot(
+            `"xxhjbzppiqfhtje"`
+        );
+        expect(hashStr("")).toMatchInlineSnapshot(`""`);
+        expect(
+            hashStr(
+                JSON.stringify({
+                    "client-id":
+                        "AfmdXiQAZD1rldTeFe9RNvsz8eBBG-Mltqh6h-iocQ1GUNuXIDnCie9tHcueD_NrMWB9dTlWl34xEK7V",
+                    currency: "USD",
+                    intent: "authorize",
+                    debug: false,
+                    vault: false,
+                    locale: "US",
+                    "data-namespace": "braintree",
+                })
+            )
+        ).toMatchInlineSnapshot(
+            `"iiuovjsqddgseaaouopvvtcqciewjblfycugmepzoirvygvhquvfthtdttqasyqcdzbzaepjvxhbwsrjhhcurjzroipxqyishjiubldxsiumrlgiscmehhggkwzxusrrdpdxisuuektdeudjrtosskdpcksyhttbqsqsvdsoaugkffisgkusjvhthnqmlzgqccmutvqaztoqu"`
+        );
+    });
+});
diff --git a/src/utils.ts b/src/utils.ts
@@ -10,12 +10,23 @@ export function getPayPalWindowNamespace(
 }
 
 /**
- * Creates a numeric hash based on the string input.
+ * Creates a string hash code based on the string argument
+ *
+ * @param str the source input string to hash
+ * @returns string hash code
  */
-export function hashStr(str: string): number {
-    let hash = 0;
+export function hashStr(str: string): string {
+    let hash = "";
+
     for (let i = 0; i < str.length; i++) {
-        hash += str[i].charCodeAt(0) * Math.pow((i % 10) + 1, 5);
+        let total = str[i].charCodeAt(0) * i;
+
+        if (str[i + 1]) {
+            total += str[i + 1].charCodeAt(0) * (i - 1);
+        }
+
+        hash += String.fromCharCode(97 + (Math.abs(total) % 26));
     }
-    return Math.floor(Math.pow(Math.sqrt(hash), 5));
+
+    return hash;
 }