Skip to content

Commit

Permalink
[ParrableIdSystem] Ensure base64 payload is url-safe (#6258)
Browse files Browse the repository at this point in the history
* Added url safe base64 encoding

* Added url safe base64 encoding test

Co-authored-by: Victor <victorigualada@gmail.com>
  • Loading branch information
icflournoy and victorigualada authored Feb 3, 2021
1 parent 8c0c7ab commit 951f1e4
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 1 deletion.
11 changes: 10 additions & 1 deletion modules/parrableIdSystem.js
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,15 @@ function isValidConfig(configParams) {
return true;
}

function encodeBase64UrlSafe(base64) {
const ENC = {
'+': '-',
'/': '_',
'=': '.'
};
return base64.replace(/[+/=]/g, (m) => ENC[m]);
}

function readCookie() {
const parrableIdStr = storage.getCookie(PARRABLE_COOKIE_NAME);
if (parrableIdStr) {
Expand Down Expand Up @@ -182,7 +191,7 @@ function fetchId(configParams) {
};

const searchParams = {
data: btoa(JSON.stringify(data)),
data: encodeBase64UrlSafe(btoa(JSON.stringify(data))),
_rand: Math.random()
};

Expand Down
13 changes: 13 additions & 0 deletions test/spec/modules/parrableIdSystem_spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,19 @@ describe('Parrable ID System', function() {
expect(server.requests[0].url).to.contain('us_privacy=' + uspString);
});

it('xhr base64 safely encodes url data object', function() {
const urlSafeBase64EncodedData = '-_.';
const btoaStub = sinon.stub(window, 'btoa').returns('+/=');
let getIdResult = parrableIdSubmodule.getId(P_CONFIG_MOCK);

getIdResult.callback(callbackSpy);

let request = server.requests[0];
let queryParams = utils.parseQS(request.url.split('?')[1]);
expect(queryParams.data).to.equal(urlSafeBase64EncodedData);
btoaStub.restore();
});

it('should log an error and continue to callback if ajax request errors', function () {
let callBackSpy = sinon.spy();
let submoduleCallback = parrableIdSubmodule.getId({ params: {partner: 'prebid'} }).callback;
Expand Down

0 comments on commit 951f1e4

Please sign in to comment.