Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: socketio/socket.io-parser
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: main
Choose a base ref
...
head repository: socketio/socket.io-parser
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3.4.x
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 4 commits
  • 7 files changed
  • 1 contributor

Commits on Nov 9, 2022

  1. fix: check the format of the index of each attachment 

    A specially crafted packet could be incorrectly decoded.

Example:

```js
const decoder = new Decoder();

decoder.on("decoded", (packet) => {
  console.log(packet.data); // prints [ 'hello', [Function: splice] ]
})

decoder.add('51-["hello",{"_placeholder":true,"num":"splice"}]');
decoder.add(Buffer.from("world"));
```

As usual, please remember not to trust user input.

Backported from b5d0cb7
    @darrachequesne
    darrachequesne committed Nov 9, 2022
    Configuration menu
    Copy the full SHA
    04d23ce View commit details
    Browse the repository at this point in the history

  2. chore(release): 3.4.2 

    Diff: 3.4.1...3.4.2
    @darrachequesne
    darrachequesne committed Nov 9, 2022
    Configuration menu
    Copy the full SHA
    4b3c191 View commit details
    Browse the repository at this point in the history

Commits on May 22, 2023

  1. fix: check the format of the event name 

    A packet like '2[{"toString":"foo"}]' was decoded as:

{
  type: EVENT,
  data: [ { "toString": "foo" } ]
}

Which would then throw an error when passed to the EventEmitter class:

> TypeError: Cannot convert object to primitive value
>    at Socket.emit (node:events:507:25)
>    at .../node_modules/socket.io/lib/socket.js:531:14

History of the isPayloadValid() method:

- added in [78f9fc2](78f9fc2) (v4.0.1, socket.io@3.0.0)
- updated in [1c220dd](1c220dd) (v4.0.4, socket.io@3.1.0)

Backported from 3b78117
    @darrachequesne
    darrachequesne committed May 22, 2023
    Configuration menu
    Copy the full SHA
    2dc3c92 View commit details
    Browse the repository at this point in the history

  2. chore(release): 3.4.3 

    Diff: 3.4.2...3.4.3
    @darrachequesne
    darrachequesne committed May 22, 2023
    Configuration menu
    Copy the full SHA
    060339a View commit details
    Browse the repository at this point in the history
Loading
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy