querystring: manage percent character at unescape

Related: https://github.com/nodejs/node/issues/33892 Fixes: https://github.com/nodejs/node/issues/35012 PR-URL: https://github.com/nodejs/node/pull/35013 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Shingo Inoue <leko.noor@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
2020-09-02 03:23:13 +09:00 · 2020-09-02 03:23:13 +09:00 · 3b925219c3
parent 07423b5472
commit 3b925219c3
2 changed files with 6 additions and 3 deletions
--- a/lib/querystring.js
+++ b/lib/querystring.js
@ -94,13 +94,13 @@ function unescapeBuffer(s, decodeSpaces) {
      hexHigh = unhexTable[currentChar];
      if (!(hexHigh >= 0)) {
        out[outIndex++] = 37; // '%'
+        continue;
      } else {
        nextChar = s.charCodeAt(++index);
        hexLow = unhexTable[nextChar];
        if (!(hexLow >= 0)) {
          out[outIndex++] = 37; // '%'
-          out[outIndex++] = currentChar;
-          currentChar = nextChar;
+          index--;
        } else {
          hasHex = true;
          currentChar = hexHigh * 16 + hexLow;
--- a/test/parallel/test-querystring.js
+++ b/test/parallel/test-querystring.js
@ -175,7 +175,10 @@ const qsUnescapeTestCases = [
  ['there%2Qare%0-fake%escaped values in%%%%this%9Hstring',
   'there%2Qare%0-fake%escaped values in%%%%this%9Hstring'],
  ['%20%21%22%23%24%25%26%27%28%29%2A%2B%2C%2D%2E%2F%30%31%32%33%34%35%36%37',
-   ' !"#$%&\'()*+,-./01234567']
+   ' !"#$%&\'()*+,-./01234567'],
+  ['%%2a', '%*'],
+  ['%2sf%2a', '%2sf*'],
+  ['%2%2af%2a', '%2*f*']
 ];

 assert.strictEqual(qs.parse('id=918854443121279438895193').id,