Comments (10)
Is this a bug?
from qs.
Technically? It's a side effect of not allowing properties that match those on the object prototype. The solution is switching to a plain object for storage so we don't care about the prototype.
from qs.
Labeled this as a breaking change due to the returned objects being a plain object now.
from qs.
This might not have been the right solution. So now these objects fail in places where the result is being treated as an object with a default prototype. I think a better approach would be to add a prefix to the keys instead when overlapping with prototype methods and have some logic if the prefixed version is also present (e.g. some kind of escaping).
from qs.
I still think it should work like JSON.parse, which uses the default prototype and doesn't have any dropping issue. I tried to update body-parser to 3.x but encountered lots of user push back. Same for Express req.query.
from qs.
JSON.parse does have overriding issues:

```
> var o = JSON.parse('{"hasOwnProperty":"toaster"}');
> o.hasOwnProperty('test');
TypeError: string is not a function
    at repl:1:3
    at REPLServer.defaultEval (repl.js:132:27)
    at bound (domain.js:254:14)
    at REPLServer.runBound [as eval] (domain.js:267:12)
    at REPLServer.<anonymous> (repl.js:279:12)
    at REPLServer.emit (events.js:107:17)
    at REPLServer.Interface._onLine (readline.js:214:10)
    at REPLServer.Interface._line (readline.js:553:8)
    at REPLServer.Interface._ttyWrite (readline.js:830:14)
    at ReadStream.onkeypress (readline.js:109:10)
```

Prefixing keys that would overwrite properties from the prototype would work, but then it's kind of awkward to access them since the consumer would have to be aware that they'll be prefixed.
from qs.
This issue I opened is not about overriding issues; it is about dropping properties.
from qs.
Right, but one of the main concerns of this module was to resolve the security concerns present in the original, one of which being that it's possible to override object prototype properties. I can't sacrifice one to allow the other, so we need to figure out some way to accommodate both.
from qs.
Regardless, I am indifferent about the module's direction :) I need W3C parsing compliance and with the closure of #63 I will simply be moving to a different module rather than 3.0 (especially with some massive Express community blow back when I tried to update this module to 3.0 because of the null prototype issue).
from qs.
Yeah, given all the bike shedding and random issues, I'm very seriously considering dropping all the extraneous crap and going back to #63 instead. This module has become a bit of a nightmare to maintain.
from qs.
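The trade-off argued in this thread, as an added example that is not part of the original discussion and not qs's own code: a hypothetical flat parser, `parseFlat`, with three storage strategies (drop keys that collide with `Object.prototype`, allow them to overwrite as `JSON.parse` does, or store them on a null-prototype object), run on a constructed query string. The mode names and the `compare` helper are assumptions made for the illustration.

```javascript
// Added illustration. parseFlat, compare and the mode names are hypothetical,
// not qs's API. SAMPLE is a constructed input.
const SAMPLE = 'hasOwnProperty=toaster&toString=x&name=qs';

// Consumer-side lookup that works for every storage strategy below.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const dec = (s) => decodeURIComponent(s.replace(/\+/g, ' '));

// Parse a flat "a=1&b=2" string.
//   'drop'       - default prototype, colliding keys are discarded
//   'overwrite'  - default prototype, colliding keys shadow inherited methods
//   'null-proto' - Object.create(null), nothing inherited to collide with
function parseFlat(str, mode) {
  const out = mode === 'null-proto' ? Object.create(null) : {};
  for (const pair of str.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const key = dec(eq === -1 ? pair : pair.slice(0, eq));
    const val = dec(eq === -1 ? '' : pair.slice(eq + 1));
    // The "dropping" behaviour: refuse any key that names a prototype member.
    if (mode === 'drop' && key in Object.prototype) continue;
    out[key] = val;
  }
  return out;
}

// Summarise what each strategy keeps and what a naive consumer can still call.
function compare(str) {
  const report = {};
  for (const mode of ['drop', 'overwrite', 'null-proto']) {
    const o = parseFlat(str, mode);
    report[mode] = {
      keys: Object.keys(o),                                   // what survived parsing
      methodCallable: typeof o.hasOwnProperty === 'function', // is o.hasOwnProperty(...) safe?
      safeLookup: has(o, 'name'),                             // prototype-independent check
    };
  }
  return report;
}

console.log(JSON.stringify(compare(SAMPLE), null, 2));
```

Only the `has` helper gives the same answer in all three modes, which is why code consuming parsed input should not call methods on the parsed object directly.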