socket.io-parser
4.2.44.2.6
build/esm-debug/index.js~
build/esm-debug/index.jsModified+60−15
Index: package/build/esm-debug/index.js
===================================================================
--- package/build/esm-debug/index.js
+++ package/build/esm-debug/index.js
@@ -6,13 +6,13 @@
/**
* These strings must not be used as event names, as they have a special meaning.
*/
const RESERVED_EVENTS = [
- "connect",
- "connect_error",
- "disconnect",
- "disconnecting",
- "newListener",
+ "connect", // used on the client side
+ "connect_error", // used on the client side
+ "disconnect", // used on both sides
+ "disconnecting", // used on the server side
+ "newListener", // used by the Node.js EventEmitter
"removeListener", // used by the Node.js EventEmitter
];
/**
* Protocol version.
@@ -103,26 +103,23 @@
buffers.unshift(pack); // add packet info to beginning of data list
return buffers; // write all the buffers
}
}
-// see https://stackoverflow.com/questions/8511281/check-if-a-value-is-an-object-in-javascript
-function isObject(value) {
- return Object.prototype.toString.call(value) === "[object Object]";
-}
/**
* A socket.io Decoder instance
*
* @return {Object} decoder
*/
export class Decoder extends Emitter {
/**
* Decoder constructor
- *
- * @param {function} reviver - custom reviver to pass down to JSON.stringify
*/
- constructor(reviver) {
+ constructor(opts) {
super();
- this.reviver = reviver;
+ this.opts = Object.assign({
+ reviver: undefined,
+ maxAttachments: 10,
+ }, typeof opts === "function" ? { reviver: opts } : opts);
}
/**
* Decodes an encoded packet string into packet JSON.
*
@@ -191,9 +188,16 @@
const buf = str.substring(start, i);
if (buf != Number(buf) || str.charAt(i) !== "-") {
throw new Error("Illegal attachments");
}
- p.attachments = Number(buf);
+ const n = Number(buf);
+ if (!isInteger(n) || n < 0) {
+ throw new Error("Illegal attachments");
+ }
+ else if (n > this.opts.maxAttachments) {
+ throw new Error("too many attachments");
+ }
+ p.attachments = n;
}
// look up namespace (if any)
if ("/" === str.charAt(i + 1)) {
const start = i + 1;
@@ -238,9 +242,9 @@
return p;
}
tryParse(str) {
try {
- return JSON.parse(str, this.reviver);
+ return JSON.parse(str, this.opts.reviver);
}
catch (e) {
return false;
}
@@ -313,4 +317,45 @@
this.reconPack = null;
this.buffers = [];
}
}
+function isNamespaceValid(nsp) {
+ return typeof nsp === "string";
+}
+// see https://caniuse.com/mdn-javascript_builtins_number_isinteger
+const isInteger = Number.isInteger ||
+ function (value) {
+ return (typeof value === "number" &&
+ isFinite(value) &&
+ Math.floor(value) === value);
+ };
+function isAckIdValid(id) {
+ return id === undefined || isInteger(id);
+}
+// see https://stackoverflow.com/questions/8511281/check-if-a-value-is-an-object-in-javascript
+function isObject(value) {
+ return Object.prototype.toString.call(value) === "[object Object]";
+}
+function isDataValid(type, payload) {
+ switch (type) {
+ case PacketType.CONNECT:
+ return payload === undefined || isObject(payload);
+ case PacketType.DISCONNECT:
+ return payload === undefined;
+ case PacketType.EVENT:
+ return (Array.isArray(payload) &&
+ (typeof payload[0] === "number" ||
+ (typeof payload[0] === "string" &&
+ RESERVED_EVENTS.indexOf(payload[0]) === -1)));
+ case PacketType.ACK:
+ return Array.isArray(payload);
+ case PacketType.CONNECT_ERROR:
+ return typeof payload === "string" || isObject(payload);
+ default:
+ return false;
+ }
+}
+export function isPacketValid(packet) {
+ return (isNamespaceValid(packet.nsp) &&
+ isAckIdValid(packet.id) &&
+ isDataValid(packet.type, packet.data));
+}