Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
decode-uri-component
Advanced tools
Package description
The decode-uri-component package is designed to provide a more robust and comprehensive solution for decoding URI components than the native JavaScript decodeURIComponent function. It aims to correctly handle all the nuances of URI encoding, including decoding characters that the native function may not handle correctly.
Decoding URI components
This feature allows you to decode URI components that may contain encoded representations of characters that could be used in XSS attacks or other malicious activities. The code sample demonstrates how to decode a URI component that represents a script tag with an alert function, which would be a potential security risk if not properly decoded.
"use strict";\nconst decodeUriComponent = require('decode-uri-component');\nconsole.log(decodeUriComponent('%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E'));
The query-string package is used for parsing and stringifying URL query strings. It offers similar functionality in terms of decoding URI components as part of its parsing process. However, it is more focused on handling the entire query string rather than just individual URI components.
Similar to query-string, the qs package provides methods for parsing and stringifying query strings. It can decode URI components when parsing query strings. qs is known for its depth control and array parsing capabilities, making it more versatile for complex query strings compared to decode-uri-component, which focuses solely on decoding.
Readme
A better decodeURIComponent
�
.$ npm install --save decode-uri-component
import decodeUriComponent from 'decode-uri-component';
decodeUriComponent('%25');
//=> '%'
decodeUriComponent('%');
//=> '%'
decodeUriComponent('st%C3%A5le');
//=> 'ståle'
decodeUriComponent('%st%C3%A5le%');
//=> '%ståle%'
decodeUriComponent('%%7Bst%C3%A5le%7D%');
//=> '%{ståle}%'
decodeUriComponent('%7B%ab%%7C%de%%7D');
//=> '{%ab%|%de%}'
decodeUriComponent('%FE%FF');
//=> '\uFFFD\uFFFD'
decodeUriComponent('%C2');
//=> '\uFFFD'
decodeUriComponent('%C2%B5');
//=> 'µ'
Type: string
An encoded component of a Uniform Resource Identifier.
MIT © Sam Verschueren
FAQs
A better decodeURIComponent
The npm package decode-uri-component receives a total of 16,815,224 weekly downloads. As such, decode-uri-component popularity was classified as popular.
We found that decode-uri-component demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.