diff options
author | Austin Kelleher <austinlkelleher@gmail.com> | 2022-04-12 17:34:59 +0300 |
---|---|---|
committer | Juan José Arboleda <soyjuanarbol@gmail.com> | 2022-10-11 22:45:20 +0300 |
commit | f700074c57e3409f551197282b7c26a04ce2ba99 (patch) | |
tree | 84aebac464932968f001e54f935146c4d9e38a9b /lib | |
parent | db151e182f5a28ffb043b3154edb2a5b9d758810 (diff) |
buffer: fix `atob` input validation
This commit fixes a few inconsistencies between Node.js `atob`
implementation and the WHATWG spec.
Refs: https://infra.spec.whatwg.org/#forgiving-base64-decode
Fixes: https://github.com/nodejs/node/issues/42646
PR-URL: https://github.com/nodejs/node/pull/42662
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Akhil Marsonya <akhil.marsonya27@gmail.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/buffer.js | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/lib/buffer.js b/lib/buffer.js index 874b9b55959..cb29d93f35e 100644 --- a/lib/buffer.js +++ b/lib/buffer.js @@ -26,7 +26,7 @@ const { ArrayFrom, ArrayIsArray, ArrayPrototypeForEach, - ArrayPrototypeIncludes, + ArrayPrototypeIndexOf, MathFloor, MathMin, MathTrunc, @@ -1265,12 +1265,31 @@ function atob(input) { if (arguments.length === 0) { throw new ERR_MISSING_ARGS('input'); } + input = `${input}`; + let nonAsciiWhitespaceCharCount = 0; + for (let n = 0; n < input.length; n++) { - if (!ArrayPrototypeIncludes(kForgivingBase64AllowedChars, - StringPrototypeCharCodeAt(input, n))) + const index = ArrayPrototypeIndexOf( + kForgivingBase64AllowedChars, + StringPrototypeCharCodeAt(input, n)); + + if (index > 4) { + // The first 5 elements of `kForgivingBase64AllowedChars` are + // ASCII whitespace char codes. + nonAsciiWhitespaceCharCount++; + } else if (index === -1) { throw lazyDOMException('Invalid character', 'InvalidCharacterError'); + } } + + // See #3 - https://infra.spec.whatwg.org/#forgiving-base64 + if (nonAsciiWhitespaceCharCount % 4 === 1) { + throw lazyDOMException( + 'The string to be decoded is not correctly encoded.', + 'InvalidCharacterError'); + } + return Buffer.from(input, 'base64').toString('latin1'); } |