Please, have a look at the following REPL session:
Welcome to Jint (1.0.0.0)
Type 'exit' to leave, 'print()' to write on the console, 'load()' to load scripts.
jint> unescape("%40")
=> "%40"
jint> unescape("%40_")
=> "@_"
jint> unescape("%40%40")
=> "@%40"
jint> unescape("%u0040")
=> "%u0040"
jint> unescape("%u0040_")
=> "@_"
jint> unescape("%u0040%u0040")
=> "@%u0040"
It shows that unescape consistently fails to decode a percent-encoded character if it happens just before the end of string.
I believe this behavior is caused by an "off by one" error in the function's implementation loop.
The following patch seems to fix the bug:
diff --git a/Jint/Native/Global/GlobalObject.cs b/Jint/Native/Global/GlobalObject.cs
index de224161..62dd56db 100644
--- a/Jint/Native/Global/GlobalObject.cs+++ b/Jint/Native/Global/GlobalObject.cs@@ -676,23 +676,23 @@ namespace Jint.Native.Global
for (var k = 0; k < strLen; k++)
{
var c = uriString[k];
if (c == '%')
{
- if (k < strLen - 6+ if (k <= strLen - 6
&& uriString[k + 1] == 'u'
&& uriString.Skip(k + 2).Take(4).All(IsValidHexaChar))
{
c = (char)int.Parse(
string.Join(string.Empty, uriString.Skip(k + 2).Take(4)),
NumberStyles.AllowHexSpecifier);
k += 5;
}
- else if (k < strLen - 3+ else if (k <= strLen - 3
&& uriString.Skip(k + 1).Take(2).All(IsValidHexaChar))
{
c = (char)int.Parse(
string.Join(string.Empty, uriString.Skip(k + 1).Take(2)),
NumberStyles.AllowHexSpecifier);
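Review bot: no regression test accompanies the two changed bounds (`k <= strLen - 6` on the `%uXXXX` branch and `k <= strLen - 3` on the `%XX` branch). The new comparisons are the right ones: the last index read is k + 5 and k + 2 respectively, so an escape that ends exactly at the end of the string now passes, while a truncated one still fails the bound. That bound is also the only length guard, because `Take(4).All(IsValidHexaChar)` is true for a shorter run of hex digits, so please add tests for the six inputs from the REPL session plus truncated inputs such as "%4" and "%u004", which should stay literal. Writing the conditions as `k + 6 <= strLen` and `k + 3 <= strLen` would make the required length easier to read.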
HEAD: 6880a99
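The off-by-one described in the report, as an added example that is not part of the original issue or of Jint's code: a JavaScript model of the decoding loop with the bound comparison switchable between the pre-patch `<` and the patched `<=`. The names `unescapeModel`, `inclusive` and `compare`, and the `k += 2` step in the two-digit branch (not visible in the truncated hunk), are assumptions.

```javascript
// Model of the loop in the patch; NOT Jint's code. Names are hypothetical.
const isHex = (s) => /^[0-9A-Fa-f]+$/.test(s);

// inclusive = false models the pre-patch bounds (k <  strLen - 6 / - 3),
// inclusive = true  models the patched bounds   (k <= strLen - 6 / - 3).
function unescapeModel(input, inclusive) {
  const strLen = input.length;
  const fits = (k, n) => (inclusive ? k <= strLen - n : k < strLen - n);
  let out = "";
  for (let k = 0; k < strLen; k++) {
    let c = input[k];
    if (c === "%") {
      if (fits(k, 6) && input[k + 1] === "u" && isHex(input.slice(k + 2, k + 6))) {
        c = String.fromCharCode(parseInt(input.slice(k + 2, k + 6), 16));
        k += 5;
      } else if (fits(k, 3) && isHex(input.slice(k + 1, k + 3))) {
        c = String.fromCharCode(parseInt(input.slice(k + 1, k + 3), 16));
        k += 2; // assumed: this step is cut off in the hunk shown above
      }
    }
    out += c;
  }
  return out;
}

// Inputs from the REPL session, plus two constructed truncated escapes
// that must stay literal under either bound.
const SAMPLES = ["%40", "%40_", "%40%40", "%u0040", "%u0040_", "%u0040%u0040",
                 "%4", "%u004"];

// One row per sample: pre-patch result, patched result, and the host
// engine's own unescape() as the reference.
function compare(samples) {
  return samples.map((s) => ({
    input: s,
    before: unescapeModel(s, false),
    after: unescapeModel(s, true),
    reference: unescape(s),
  }));
}

for (const row of compare(SAMPLES)) {
  const flag = row.after === row.reference ? "ok" : "MISMATCH";
  console.log(JSON.stringify(row), flag);
}
```

The `before` column reproduces the six results from the REPL session; the `after` column agrees with the engine's built-in `unescape` on every sample.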