Add support for URL's (#123)
rrdelaney committed Jun 21, 2021
1 parent dbb6c73 commit 7f3ac25
Showing 2 changed files with 25 additions and 2 deletions.
13 changes: 11 additions & 2 deletions index.js
@@ -11,7 +11,7 @@ var randomBytes = require('randombytes');
// Generate an internal UID to make the regexp pattern harder to guess.
var UID_LENGTH = 16;
var UID = generateUID();
var PLACE_HOLDER_REGEXP = new RegExp('(\\\\)?"@__(F|R|D|M|S|A|U|I|B)-' + UID + '-(\\d+)__@"', 'g');
var PLACE_HOLDER_REGEXP = new RegExp('(\\\\)?"@__(F|R|D|M|S|A|U|I|B|L)-' + UID + '-(\\d+)__@"', 'g');

var IS_NATIVE_CODE_REGEXP = /\{\s*\[native code\]\s*\}/g;
var IS_PURE_FUNCTION = /function.*?\(/;
@@ -72,6 +72,7 @@ module.exports = function serialize(obj, options) {
var undefs = [];
var infinities= [];
var bigInts = [];
var urls = [];

// Returns placeholders for functions and regexps (identified by index)
// which are later replaced by their string representation.
@@ -114,6 +115,10 @@ module.exports = function serialize(obj, options) {
return '@__A-' + UID + '-' + (arrays.push(origValue) - 1) + '__@';
}
}

if(origValue instanceof URL) {
return '@__L-' + UID + '-' + (urls.push(origValue) - 1) + '__@';
}
}

if (type === 'function') {
@@ -205,7 +210,7 @@ module.exports = function serialize(obj, options) {
str = str.replace(UNSAFE_CHARS_REGEXP, escapeUnsafeChars);
}

if (functions.length === 0 && regexps.length === 0 && dates.length === 0 && maps.length === 0 && sets.length === 0 && arrays.length === 0 && undefs.length === 0 && infinities.length === 0 && bigInts.length === 0) {
if (functions.length === 0 && regexps.length === 0 && dates.length === 0 && maps.length === 0 && sets.length === 0 && arrays.length === 0 && undefs.length === 0 && infinities.length === 0 && bigInts.length === 0 && urls.length === 0) {
return str;
}

@@ -252,6 +257,10 @@ module.exports = function serialize(obj, options) {
return "BigInt(\"" + bigInts[valueIndex] + "\")";
}

if (type === 'L') {
return "new URL(\"" + urls[valueIndex].toString() + "\")";
}

var fn = functions[valueIndex];

return serializeFunc(fn);
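Review bot: The new `type === 'L'` branch concatenates `urls[valueIndex].toString()` straight into `new URL("...")`, and this replacement runs after the `UNSAFE_CHARS_REGEXP` pass shown earlier in `serialize`, so the URL text reaches the output without HTML escaping or quote escaping. URL serialization percent-encodes many characters, but not in every component or scheme (an opaque-path URL can presumably keep `"` or `<` unchanged), so a URL built from untrusted input could break out of the string literal or out of an inline script context. Route the string through the serializer so it gets the same treatment as any other string: `return "new URL(" + serialize(urls[valueIndex].toString(), options) + ")";`. The enclosing `serialize` function starts and ends outside the visible hunks, so confirm that `options` is passed through unchanged at that point.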
14 changes: 14 additions & 0 deletions test/unit/serialize.js
@@ -452,6 +452,20 @@ describe('serialize( obj )', function () {
});
});

describe('URL', function () {
it('should serialize URL', function () {
var u = new URL('https://x.com/')
expect(serialize(u)).to.equal('new URL("https://x.com/")');
expect(serialize({t: [u]})).to.be.a('string').equal('{"t":[new URL("https://x.com/")]}');
});

it('should deserialize URL', function () {
var d = eval(serialize(new URL('https://x.com/')));
expect(d).to.be.a('URL');
expect(d.toString()).to.equal('https://x.com/');
});
});

describe('XSS', function () {
it('should encode unsafe HTML chars to Unicode', function () {
expect(serialize('</script>')).to.equal('"\\u003C\\u002Fscript\\u003E"');
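Review bot: The new `describe('URL', ...)` cases only exercise `https://x.com/`, which contains none of the characters the `XSS` block right below is there to guard, so they would pass whether or not URL output is escaped. Add a case whose serialized URL keeps such a character and assert that it does not appear raw, for example `expect(serialize(new URL('x:</script>'))).to.not.contain('</script>');` (this assumes an opaque-path URL leaves `<` unencoded; check under the Node versions the project targets). A round-trip assertion for the same value would also pin that escaping does not change the deserialized URL.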
