Fix exception when err cannot be converted to a string

pillarjs · Feb 10, 2017 · 2f5981b · 2f5981b
1 parent 113d8eb
commit 2f5981b
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 5 deletions.
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,6 +1,7 @@
 unreleased
 ==========
 
+  * Fix exception when `err` cannot be converted to a string
   * Fully URL-encode the pathname in the 404 message
   * Only include the pathname in the 404 message
   * deps: debug@2.6.0

diff --git a/index.js b/index.js
@@ -61,6 +61,7 @@ function finalhandler (req, res, options) {
 
   return function (err) {
     var headers
+    var msg
     var status
 
     // ignore 404 on in-flight response
@@ -84,14 +85,12 @@ function finalhandler (req, res, options) {
         status = getResponseStatusCode(res)
       }
 
-      // production gets a basic error message
-      var msg = env === 'production'
-        ? statuses[status]
-        : err.stack || err.toString()
-      msg = escapeHtml(msg)
+      // get error message
+      msg = escapeHtml(getErrorMessage(err, status, env))
         .replace(NEWLINE_REGEXP, '<br>')
         .replace(DOUBLE_SPACE_REGEXP, ' &nbsp;') + '\n'
     } else {
+      // not found
       status = 404
       msg = 'Cannot ' + escapeHtml(req.method) +
         ' ' + escapeHtml(encodeUrl(parseUrl.original(req).pathname)) + '\n'
@@ -140,6 +139,32 @@ function getErrorHeaders (err) {
   return headers
 }
 
+/**
+ * Get message from Error object, fallback to status message.
+ *
+ * @param {Error} err
+ * @param {number} status
+ * @param {string} env
+ * @return {string}
+ * @private
+ */
+
+function getErrorMessage (err, status, env) {
+  var msg
+
+  if (env !== 'production') {
+    // use err.stack, which typically includes err.message
+    msg = err.stack
+
+    // fallback to err.toString() when possible
+    if (!msg && typeof err.toString === 'function') {
+      msg = err.toString()
+    }
+  }
+
+  return msg || statuses[status]
+}
+
 /**
  * Get status code from Error object.
  *

diff --git a/test/test.js b/test/test.js
@@ -300,6 +300,12 @@ describe('finalhandler(req, res)', function () {
       .expect(500, 'lame string\n', done)
     })
 
+    it('should handle null prototype objects', function (done) {
+      request(createServer(Object.create(null)))
+      .get('/foo')
+      .expect(500, 'Internal Server Error\n', done)
+    })
+
     it('should send staus code name when production', function (done) {
       var err = createError('boom!', {
         status: 501