Comparing version 6.2.1 to 6.2.2
@@ -0,1 +1,4 @@ | ||
## **6.2.2** | ||
- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties | ||
## **6.2.1** | ||
@@ -2,0 +5,0 @@ - [Fix] ensure `key[]=x&key[]&key[]=y` results in 3, not 2, values |
@@ -70,3 +70,3 @@ (function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.Qs = f()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){ | ||
obj = options.plainObjects ? Object.create(null) : {}; | ||
var cleanRoot = root[0] === '[' && root[root.length - 1] === ']' ? root.slice(1, root.length - 1) : root; | ||
var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root; | ||
var index = parseInt(cleanRoot, 10); | ||
@@ -96,8 +96,8 @@ if ( | ||
// Transform dot notation to bracket notation | ||
var key = options.allowDots ? givenKey.replace(/\.([^\.\[]+)/g, '[$1]') : givenKey; | ||
var key = options.allowDots ? givenKey.replace(/\.([^.[]+)/g, '[$1]') : givenKey; | ||
// The regex chunks | ||
var parent = /^([^\[\]]*)/; | ||
var child = /(\[[^\[\]]*\])/g; | ||
var parent = /^([^[]*)/; | ||
var child = /(\[[^[\]]*])/g; | ||
@@ -128,5 +128,5 @@ // Get the parent | ||
i += 1; | ||
if (!options.plainObjects && has.call(Object.prototype, segment[1].replace(/\[|\]/g, ''))) { | ||
if (!options.plainObjects && has.call(Object.prototype, segment[1].slice(1, -1))) { | ||
if (!options.allowPrototypes) { | ||
continue; | ||
return; | ||
} | ||
@@ -133,0 +133,0 @@ } |
@@ -58,3 +58,3 @@ 'use strict'; | ||
obj = options.plainObjects ? Object.create(null) : {}; | ||
var cleanRoot = root[0] === '[' && root[root.length - 1] === ']' ? root.slice(1, root.length - 1) : root; | ||
var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root; | ||
var index = parseInt(cleanRoot, 10); | ||
@@ -84,8 +84,8 @@ if ( | ||
// Transform dot notation to bracket notation | ||
var key = options.allowDots ? givenKey.replace(/\.([^\.\[]+)/g, '[$1]') : givenKey; | ||
var key = options.allowDots ? givenKey.replace(/\.([^.[]+)/g, '[$1]') : givenKey; | ||
// The regex chunks | ||
var parent = /^([^\[\]]*)/; | ||
var child = /(\[[^\[\]]*\])/g; | ||
var parent = /^([^[]*)/; | ||
var child = /(\[[^[\]]*])/g; | ||
@@ -116,5 +116,5 @@ // Get the parent | ||
i += 1; | ||
if (!options.plainObjects && has.call(Object.prototype, segment[1].replace(/\[|\]/g, ''))) { | ||
if (!options.plainObjects && has.call(Object.prototype, segment[1].slice(1, -1))) { | ||
if (!options.allowPrototypes) { | ||
continue; | ||
return; | ||
} | ||
@@ -121,0 +121,0 @@ } |
@@ -5,3 +5,3 @@ { | ||
"homepage": "https://github.com/ljharb/qs", | ||
"version": "6.2.1", | ||
"version": "6.2.2", | ||
"repository": { | ||
@@ -8,0 +8,0 @@ "type": "git", |
@@ -125,6 +125,6 @@ 'use strict'; | ||
st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: false }), { a: { '0': 'b', c: true, t: 'u' } }); | ||
st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: true }), { a: { '0': 'b', t: 'u', hasOwnProperty: 'c' } }); | ||
st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: false }), { a: { '0': 'b', '1': 'c', x: 'y' } }); | ||
st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: true }), { a: { '0': 'b', hasOwnProperty: 'c', x: 'y' } }); | ||
st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: false }), { a: { 0: 'b', t: 'u' } }); | ||
st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: true }), { a: { 0: 'b', t: 'u', hasOwnProperty: 'c' } }); | ||
st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: false }), { a: { 0: 'b', x: 'y' } }); | ||
st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: true }), { a: { 0: 'b', hasOwnProperty: 'c', x: 'y' } }); | ||
st.end(); | ||
@@ -406,8 +406,33 @@ }); | ||
t.test('does not allow overwriting prototype properties', function (st) { | ||
st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: false }), {}); | ||
st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: false }), {}); | ||
st.deepEqual( | ||
qs.parse('toString', { allowPrototypes: false }), | ||
{}, | ||
'bare "toString" results in {}' | ||
); | ||
st.end(); | ||
}); | ||
t.test('can allow overwriting prototype properties', function (st) { | ||
st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true }), { a: { hasOwnProperty: 'b' } }, { prototype: false }); | ||
st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: true }), { hasOwnProperty: 'b' }, { prototype: false }); | ||
st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true }), { a: { hasOwnProperty: 'b' } }); | ||
st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: true }), { hasOwnProperty: 'b' }); | ||
st.deepEqual( | ||
qs.parse('toString', { allowPrototypes: true }), | ||
{ toString: '' }, | ||
'bare "toString" results in { toString: "" }' | ||
); | ||
st.end(); | ||
}); | ||
t.test('params starting with a closing bracket', function (st) { | ||
st.deepEqual(qs.parse(']=toString'), { ']': 'toString' }); | ||
st.end(); | ||
}); | ||
t.test('can return plain objects', function (st) { | ||
@@ -414,0 +439,0 @@ var expected = Object.create(null); |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
83479
1442