
Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
decode-uri-component
Advanced tools
The decode-uri-component package is designed to provide a more robust and comprehensive solution for decoding URI components than the native JavaScript decodeURIComponent function. It aims to correctly handle all the nuances of URI encoding, including decoding characters that the native function may not handle correctly.
Decoding URI components
This feature allows you to decode URI components that may contain encoded representations of characters that could be used in XSS attacks or other malicious activities. The code sample demonstrates how to decode a URI component that represents a script tag with an alert function, which would be a potential security risk if not properly decoded.
"use strict";\nconst decodeUriComponent = require('decode-uri-component');\nconsole.log(decodeUriComponent('%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E'));
The query-string package is used for parsing and stringifying URL query strings. It offers similar functionality in terms of decoding URI components as part of its parsing process. However, it is more focused on handling the entire query string rather than just individual URI components.
Similar to query-string, the qs package provides methods for parsing and stringifying query strings. It can decode URI components when parsing query strings. qs is known for its depth control and array parsing capabilities, making it more versatile for complex query strings compared to decode-uri-component, which focuses solely on decoding.
A better decodeURIComponent
�
.$ npm install --save decode-uri-component
import decodeUriComponent from 'decode-uri-component';
decodeUriComponent('%25');
//=> '%'
decodeUriComponent('%');
//=> '%'
decodeUriComponent('st%C3%A5le');
//=> 'ståle'
decodeUriComponent('%st%C3%A5le%');
//=> '%ståle%'
decodeUriComponent('%%7Bst%C3%A5le%7D%');
//=> '%{ståle}%'
decodeUriComponent('%7B%ab%%7C%de%%7D');
//=> '{%ab%|%de%}'
decodeUriComponent('%FE%FF');
//=> '\uFFFD\uFFFD'
decodeUriComponent('%C2');
//=> '\uFFFD'
decodeUriComponent('%C2%B5');
//=> 'µ'
Type: string
An encoded component of a Uniform Resource Identifier.
MIT © Sam Verschueren
FAQs
A better decodeURIComponent
The npm package decode-uri-component receives a total of 0 weekly downloads. As such, decode-uri-component popularity was classified as not popular.
We found that decode-uri-component demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
Security News
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.