Moduletrace/bunext
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4f5445e3df
bunext/dist/utils/deserialize-query.js

34 lines
1.1 KiB
JavaScript
Raw Blame History

import EJSON from "./ejson";
const DANGEROUS_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function sanitize(value) {
if (value === null || typeof value !== "object")
return value;
if (Array.isArray(value))
return value.map(sanitize);
const clean = Object.create(null);
for (const key of Object.keys(value)) {
if (DANGEROUS_KEYS.has(key))
continue;
clean[key] = sanitize(value[key]);
}
return clean;
}
export default function deserializeQuery(query) {
let queryObject = typeof query == "object" ? query : Object(EJSON.parse(query));
const keys = Object.keys(queryObject);
for (let i = 0; i < keys.length; i++) {
const key = keys[i];
const value = queryObject[key];
if (DANGEROUS_KEYS.has(key)) {
delete queryObject[key];
continue;
}
if (typeof value == "string") {
if (value.match(/^\{|^\[/)) {
queryObject[key] = sanitize(EJSON.parse(value));
}
}
}
return sanitize(queryObject);
}
Reference in New Issue View Git Blame Copy Permalink