From 980e0bf09b64d94f1aa79012f895816c30ffd152 Mon Sep 17 00:00:00 2001 From: Sam Verschueren Date: Thu, 1 Dec 2022 19:18:04 +0100 Subject: [PATCH] Prevent overwriting previously decoded tokens --- index.js | 2 +- test.js | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/index.js b/index.js index d33e06e..24e7db0 100644 --- a/index.js +++ b/index.js @@ -1,6 +1,6 @@ 'use strict'; var token = '%[a-f0-9]{2}'; -var singleMatcher = new RegExp(token, 'gi'); +var singleMatcher = new RegExp('(' + token + ')|([^%]+?)', 'gi'); var multiMatcher = new RegExp('(' + token + ')+', 'gi'); function decodeComponents(components, split) { diff --git a/test.js b/test.js index c083cc6..86fabd5 100644 --- a/test.js +++ b/test.js @@ -33,9 +33,9 @@ const tests = { '%C2%B5': 'µ', '%C2%B5%': 'µ%', '%%C2%B5%': '%µ%', - - // This should actually return `%ea%baZ%ba`, but fixes a DOS attack for now - '%ea%ba%5a%ba': '꺺' + '%ea%ba%5a%ba': '%ea%baZ%ba', + '%C3%5A%A5': '%C3Z%A5', + '%C3%5A%A5%AB': '%C3Z%A5%AB' }; function macro(t, input, expected) {