From e07add6ca2fde8f7150ba58f73b53e214d30a3f3 Mon Sep 17 00:00:00 2001 From: Tobias Diez Date: Tue, 18 Oct 2022 12:15:01 +0000 Subject: [PATCH 1/3] feat: add option `strict` that throws an error if the input is not valid JSON. --- README.md | 6 ++++++ src/index.ts | 14 ++++++++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 580f8c1..ce3ce28 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,12 @@ import destr from 'https://deno.land/x/destr/src/index.ts' console.log(destr('{ "deno": "yay" }')) ``` +### Options + +`destr` allows the following options as the second argument: + +- `strict` (default: `false`): If set to `true`, `destr` will throw an error if the input is not a valid JSON string. + ## Why? Please note that `destr` is little bit slower when parsing a standard JSON string mainly because of transform to avoid [prototype pollution](https://hueniverse.com/a-tale-of-prototype-poisoning-2610fa170061) which can lead to serious security issues if not being sanitized. In the other words, `destr` is better when input is not always a json string or from untrusted source like request body. diff --git a/src/index.ts b/src/index.ts index 5c2bfd9..39c640a 100644 --- a/src/index.ts +++ b/src/index.ts @@ -12,7 +12,11 @@ function jsonParseTransform (key: string, value: any): any { return value } -export default function destr (val: any): any { +export type Options = { + strict?: boolean +} + +export default function destr (val: any, options: Options): any { if (typeof val !== 'string') { return val } @@ -26,6 +30,9 @@ export default function destr (val: any): any { if (_lval === 'undefined') { return undefined } if (!JsonSigRx.test(val)) { + if (options.strict) { + throw new SyntaxError('Invalid JSON') + } return val } @@ -34,7 +41,10 @@ export default function destr (val: any): any { return JSON.parse(val, jsonParseTransform) } return JSON.parse(val) - } catch (_e) { + } catch (error) { + if (options.strict) { + throw error + } return val } } From e52c28c86360dac0e84f4f8cb6d340f174a59dd5 Mon Sep 17 00:00:00 2001 From: Pooya Parsa Date: Wed, 19 Oct 2022 11:34:45 +0200 Subject: [PATCH 2/3] fix: options is optional --- src/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/index.ts b/src/index.ts index 39c640a..4135519 100644 --- a/src/index.ts +++ b/src/index.ts @@ -16,7 +16,7 @@ export type Options = { strict?: boolean } -export default function destr (val: any, options: Options): any { +export default function destr (val: any, options: Options = {}): any { if (typeof val !== 'string') { return val } From 910f4ddd07607e5982f026b1d2fb5928dbe88db3 Mon Sep 17 00:00:00 2001 From: Pooya Parsa Date: Wed, 19 Oct 2022 11:39:15 +0200 Subject: [PATCH 3/3] update readme --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ce3ce28..6b89a53 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,19 @@ console.log(destr('{ "deno": "yay" }')) `destr` allows the following options as the second argument: -- `strict` (default: `false`): If set to `true`, `destr` will throw an error if the input is not a valid JSON string. +#### `strict` + +Default: `false` + +If set to `true`, `destr` will throw an error if the input is not a valid JSON string or parsing fails. + +```js +// Returns "[foo" +destr('[foo') + +// Throws an error +destr('[foo', { strict: true }) +``` ## Why?