File tree 2 files changed +7
-4
lines changed
2 files changed +7
-4
lines changed Original file line number Diff line number Diff line change @@ -6,7 +6,7 @@ var multiMatcher = new RegExp('(' + token + ')+', 'gi');
66function decodeComponents ( components , split ) {
77 try {
88 // Try to decode the entire string first
9- return decodeURIComponent ( components . join ( '' ) ) ;
9+ return [ decodeURIComponent ( components . join ( '' ) ) ] ;
1010 } catch ( err ) {
1111 // Do nothing
1212 }
@@ -28,12 +28,12 @@ function decode(input) {
2828 try {
2929 return decodeURIComponent ( input ) ;
3030 } catch ( err ) {
31- var tokens = input . match ( singleMatcher ) ;
31+ var tokens = input . match ( singleMatcher ) || [ ] ;
3232
3333 for ( var i = 1 ; i < tokens . length ; i ++ ) {
3434 input = decodeComponents ( tokens , i ) . join ( '' ) ;
3535
36- tokens = input . match ( singleMatcher ) ;
36+ tokens = input . match ( singleMatcher ) || [ ] ;
3737 }
3838
3939 return input ;
Original file line number Diff line number Diff line change @@ -32,7 +32,10 @@ const tests = {
3232 '%C2x' : '\uFFFDx' ,
3333 '%C2%B5' : 'µ' ,
3434 '%C2%B5%' : 'µ%' ,
35- '%%C2%B5%' : '%µ%'
35+ '%%C2%B5%' : '%µ%' ,
36+
37+ // This should actually return `%ea%baZ%ba`, but fixes a DOS attack for now
38+ '%ea%ba%5a%ba' : '꺺'
3639} ;
3740
3841function macro ( t , input , expected ) {
You can’t perform that action at this time.
0 commit comments