qs - npm Package Compare versions

Comparing version 6.2.1 to 6.2.2

CHANGELOG.md

		@@ -0,1 +1,4 @@
		## 6.2.2
		- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties

		## 6.2.1
		@@ -2,0 +5,0 @@ - [Fix] ensure `key[]=x&key[]&key[]=y` results in 3, not 2, values

dist/qs.js

		@@ -70,3 +70,3 @@ (function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.Qs = f()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){
		obj = options.plainObjects ? Object.create(null) : {};
		var cleanRoot = root[0] === '[' && root[root.length - 1] === ']' ? root.slice(1, root.length - 1) : root;
		var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root;
		var index = parseInt(cleanRoot, 10);
		@@ -96,8 +96,8 @@ if (
		// Transform dot notation to bracket notation
		var key = options.allowDots ? givenKey.replace(/\.([^\.\[]+)/g, '[$1]') : givenKey;
		var key = options.allowDots ? givenKey.replace(/\.([^.[]+)/g, '[$1]') : givenKey;

		// The regex chunks

		var parent = /^([^\[\]]*)/;
		var child = /(\[[^\[\]]*\])/g;
		var parent = /^([^[]*)/;
		var child = /(\[[^[\]]*])/g;

		@@ -128,5 +128,5 @@ // Get the parent
		i += 1;
		if (!options.plainObjects && has.call(Object.prototype, segment[1].replace(/\[\|\]/g, ''))) {
		if (!options.plainObjects && has.call(Object.prototype, segment[1].slice(1, -1))) {
		if (!options.allowPrototypes) {
		continue;
		return;
		}
		@@ -133,0 +133,0 @@ }

lib/parse.js

		@@ -58,3 +58,3 @@ 'use strict';
		obj = options.plainObjects ? Object.create(null) : {};
		var cleanRoot = root[0] === '[' && root[root.length - 1] === ']' ? root.slice(1, root.length - 1) : root;
		var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root;
		var index = parseInt(cleanRoot, 10);
		@@ -84,8 +84,8 @@ if (
		// Transform dot notation to bracket notation
		var key = options.allowDots ? givenKey.replace(/\.([^\.\[]+)/g, '[$1]') : givenKey;
		var key = options.allowDots ? givenKey.replace(/\.([^.[]+)/g, '[$1]') : givenKey;

		// The regex chunks

		var parent = /^([^\[\]]*)/;
		var child = /(\[[^\[\]]*\])/g;
		var parent = /^([^[]*)/;
		var child = /(\[[^[\]]*])/g;

		@@ -116,5 +116,5 @@ // Get the parent
		i += 1;
		if (!options.plainObjects && has.call(Object.prototype, segment[1].replace(/\[\|\]/g, ''))) {
		if (!options.plainObjects && has.call(Object.prototype, segment[1].slice(1, -1))) {
		if (!options.allowPrototypes) {
		continue;
		return;
		}
		@@ -121,0 +121,0 @@ }

package.json

		@@ -5,3 +5,3 @@ {
		"homepage": "https://github.com/ljharb/qs",
		"version": "6.2.1",
		"version": "6.2.2",
		"repository": {
		@@ -8,0 +8,0 @@ "type": "git",

test/parse.js

		@@ -125,6 +125,6 @@ 'use strict';

		st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: false }), { a: { '0': 'b', c: true, t: 'u' } });
		st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: true }), { a: { '0': 'b', t: 'u', hasOwnProperty: 'c' } });
		st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: false }), { a: { '0': 'b', '1': 'c', x: 'y' } });
		st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: true }), { a: { '0': 'b', hasOwnProperty: 'c', x: 'y' } });
		st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: false }), { a: { 0: 'b', t: 'u' } });
		st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: true }), { a: { 0: 'b', t: 'u', hasOwnProperty: 'c' } });
		st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: false }), { a: { 0: 'b', x: 'y' } });
		st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: true }), { a: { 0: 'b', hasOwnProperty: 'c', x: 'y' } });
		st.end();
		@@ -406,8 +406,33 @@ });

		t.test('does not allow overwriting prototype properties', function (st) {
		st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: false }), {});
		st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: false }), {});

		st.deepEqual(
		qs.parse('toString', { allowPrototypes: false }),
		{},
		'bare "toString" results in {}'
		);

		st.end();
		});

		t.test('can allow overwriting prototype properties', function (st) {
		st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true }), { a: { hasOwnProperty: 'b' } }, { prototype: false });
		st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: true }), { hasOwnProperty: 'b' }, { prototype: false });
		st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true }), { a: { hasOwnProperty: 'b' } });
		st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: true }), { hasOwnProperty: 'b' });

		st.deepEqual(
		qs.parse('toString', { allowPrototypes: true }),
		{ toString: '' },
		'bare "toString" results in { toString: "" }'
		);

		st.end();
		});

		t.test('params starting with a closing bracket', function (st) {
		st.deepEqual(qs.parse(']=toString'), { ']': 'toString' });
		st.end();
		});

		t.test('can return plain objects', function (st) {
		@@ -414,0 +439,0 @@ var expected = Object.create(null);

qs - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics