@hapi/statehood
Comparing version 7.0.3 to 7.0.4
@@ -60,5 +60,2 @@ 'use strict'; | ||
// 1: name 2: quoted 3: value | ||
internals.parseRx = /\s*([^=\s]*)\s*=\s*(?:(?:"([^\"]*)")|([^\;]*))(?:(?:;\s*)|$)/g; | ||
internals.validateRx = { | ||
@@ -109,7 +106,4 @@ nameRx: { | ||
const names = []; | ||
const verify = cookies.replace(internals.parseRx, ($0, $1, $2, $3) => { | ||
const verify = internals.parsePairs(cookies, (name, value) => { | ||
const name = $1; | ||
const value = $2 || $3 || ''; | ||
if (name === '__proto__') { | ||
@@ -130,4 +124,2 @@ throw Boom.badRequest('Invalid cookie header'); | ||
} | ||
return ''; | ||
}); | ||
@@ -139,3 +131,3 @@ | ||
if (verify !== '') { | ||
if (verify !== null) { | ||
if (!this.settings.ignoreErrors) { | ||
@@ -356,2 +348,30 @@ throw Boom.badRequest('Invalid cookie header'); | ||
internals.parsePairs = function (cookies, eachPairFn) { | ||
let index = 0; | ||
while (index < cookies.length) { | ||
const eqIndex = cookies.indexOf('=', index); | ||
if (eqIndex === -1) { | ||
return cookies.slice(index); // E.g. 'a=1;xyz' -> 'xyz' | ||
} | ||
const semiIndex = cookies.indexOf(';', eqIndex); | ||
const endOfValueIndex = semiIndex !== -1 ? semiIndex : cookies.length; | ||
const name = cookies.slice(index, eqIndex).trim(); | ||
const value = cookies.slice(eqIndex + 1, endOfValueIndex).trim(); | ||
const unquotedValue = (value.startsWith('"') && value.endsWith('"') && value !== '"') ? | ||
value.slice(1, -1) : // E.g. '"abc"' -> 'abc' | ||
value; | ||
eachPairFn(name, unquotedValue); | ||
index = endOfValueIndex + 1; | ||
} | ||
return null; | ||
}; | ||
internals.validate = function (name, state) { | ||
@@ -358,0 +378,0 @@ |
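Review bot: `internals.parsePairs` returns the leftover text untrimmed, so a header ending in `; ` (for example `a=1; `) yields `' '` and the caller's `verify !== null` check treats it as an invalid header, whereas the removed `parseRx` consumed trailing whitespace through `(?:;\s*)`. Unless the caller trims the header first, which is not visible in these hunks, the `eqIndex === -1` branch could return `null` for whitespace-only remainders: `const rest = cookies.slice(index); return rest.trim() === '' ? null : rest;`. The value boundary is also found with `indexOf(';', eqIndex)` before quotes are examined, so `a="x;y"` is now split at the semicolon, where the old `"([^\"]*)"` branch accepted it. If that stricter behaviour is intended, a comment above the function should say so and state the return contract (`null` when the whole header was consumed, otherwise the unparsed tail). A test pinning both cases would keep the linear scan from drifting silently from the regex it replaces.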
{ | ||
"name": "@hapi/statehood", | ||
"description": "HTTP State Management Utilities", | ||
"version": "7.0.3", | ||
"version": "7.0.4", | ||
"repository": "git://github.com/hapijs/statehood", | ||
@@ -16,2 +16,7 @@ "main": "lib/index.js", | ||
], | ||
"eslintConfig": { | ||
"extends": [ | ||
"plugin:@hapi/module" | ||
] | ||
}, | ||
"dependencies": { | ||
@@ -28,3 +33,4 @@ "@hapi/boom": "9.x.x", | ||
"@hapi/code": "8.x.x", | ||
"@hapi/lab": "23.x.x" | ||
"@hapi/eslint-plugin": "*", | ||
"@hapi/lab": "24.x.x" | ||
}, | ||
@@ -31,0 +37,0 @@ "scripts": { |
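Review bot: The new devDependency `"@hapi/eslint-plugin": "*"` accepts any published version, including future majors, while the other entries visible in this section use bounded `N.x.x` ranges. With a wildcard, the lint tooling that the added `eslintConfig` block loads in development and CI can change without a reviewed bump. Pin it to a major range like its neighbours, e.g. `"@hapi/eslint-plugin": "<MAJOR>.x.x"` (placeholder; the current major is not shown on this page).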
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but they do indicate a change to the security surface area of a package.
Found 1 instance in 1 package