qs - npm Package Compare versions

Comparing version 6.0.2 to 6.0.3

CHANGELOG.md

		@@ -0,1 +1,5 @@
		## 6.0.3
		- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties
		- [Fix] Restore `dist` directory; will be removed in v7 (#148)

		## [6.0.2](https://github.com/ljharb/qs/issues?milestone=33&state=closed)
		@@ -2,0 +6,0 @@ - Revert ES6 requirement and restore support for node down to v0.8.

component.json

		@@ -5,3 +5,3 @@ {
		"description": "query-string parser / stringifier with nesting support",
		"version": "5.2.0",
		"version": "6.0.3",
		"keywords": ["querystring", "query", "parser"],
		@@ -8,0 +8,0 @@ "main": "lib/index.js",

dist/qs.js

		@@ -70,3 +70,3 @@ (function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.Qs = f()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){
		obj = options.plainObjects ? Object.create(null) : {};
		var cleanRoot = root[0] === '[' && root[root.length - 1] === ']' ? root.slice(1, root.length - 1) : root;
		var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root;
		var index = parseInt(cleanRoot, 10);
		@@ -100,4 +100,4 @@ if (

		var parent = /^([^\[\]]*)/;
		var child = /(\[[^\[\]]*\])/g;
		var parent = /^([^[]*)/;
		var child = /(\[[^[\]]*])/g;

		@@ -128,5 +128,5 @@ // Get the parent
		i += 1;
		if (!options.plainObjects && Object.prototype.hasOwnProperty(segment[1].replace(/\[\|\]/g, ''))) {
		if (!options.plainObjects && Object.prototype.hasOwnProperty.call(Object.prototype, segment[1].slice(1, -1))) {
		if (!options.allowPrototypes) {
		continue;
		return;
		}
		@@ -133,0 +133,0 @@ }

lib/parse.js

		@@ -58,3 +58,3 @@ 'use strict';
		obj = options.plainObjects ? Object.create(null) : {};
		var cleanRoot = root[0] === '[' && root[root.length - 1] === ']' ? root.slice(1, root.length - 1) : root;
		var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root;
		var index = parseInt(cleanRoot, 10);
		@@ -88,4 +88,4 @@ if (

		var parent = /^([^\[\]]*)/;
		var child = /(\[[^\[\]]*\])/g;
		var parent = /^([^[]*)/;
		var child = /(\[[^[\]]*])/g;

		@@ -116,5 +116,5 @@ // Get the parent
		i += 1;
		if (!options.plainObjects && Object.prototype.hasOwnProperty(segment[1].replace(/\[\|\]/g, ''))) {
		if (!options.plainObjects && Object.prototype.hasOwnProperty.call(Object.prototype, segment[1].slice(1, -1))) {
		if (!options.allowPrototypes) {
		continue;
		return;
		}
		@@ -121,0 +121,0 @@ }

package.json

		@@ -5,3 +5,3 @@ {
		"homepage": "https://github.com/ljharb/qs",
		"version": "6.0.2",
		"version": "6.0.3",
		"repository": {
		@@ -8,0 +8,0 @@ "type": "git",

test/parse.js

		@@ -123,4 +123,7 @@ 'use strict';
		st.deepEqual(qs.parse('foo[0][a]=a&foo[0][b]=b&foo[1][a]=aa&foo[1][b]=bb'), { foo: [{ a: 'a', b: 'b' }, { a: 'aa', b: 'bb' }] });
		st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c'), { a: { '0': 'b', t: 'u', c: true } });
		st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y'), { a: { '0': 'b', '1': 'c', x: 'y' } });

		st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: false }), { a: { 0: 'b', t: 'u' } });
		st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: true }), { a: { 0: 'b', t: 'u', hasOwnProperty: 'c' } });
		st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: false }), { a: { 0: 'b', x: 'y' } });
		st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: true }), { a: { 0: 'b', hasOwnProperty: 'c', x: 'y' } });
		st.end();
		@@ -374,8 +377,33 @@ });

		t.test('does not allow overwriting prototype properties', function (st) {
		st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: false }), {});
		st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: false }), {});

		st.deepEqual(
		qs.parse('toString', { allowPrototypes: false }),
		{},
		'bare "toString" results in {}'
		);

		st.end();
		});

		t.test('can allow overwriting prototype properties', function (st) {
		st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true }), { a: { hasOwnProperty: 'b' } }, { prototype: false });
		st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: true }), { hasOwnProperty: 'b' }, { prototype: false });
		st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true }), { a: { hasOwnProperty: 'b' } });
		st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: true }), { hasOwnProperty: 'b' });

		st.deepEqual(
		qs.parse('toString', { allowPrototypes: true }),
		{ toString: '' },
		'bare "toString" results in { toString: "" }'
		);

		st.end();
		});

		t.test('params starting with a closing bracket', function (st) {
		st.deepEqual(qs.parse(']=toString'), { ']': 'toString' });
		st.end();
		});

		t.test('can return plain objects', function (st) {
		@@ -382,0 +410,0 @@ var expected = Object.create(null);

qs - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics