
fix(security): ignore inherited parseReviver and related config reads

Jason Saayman
2026-04-18 15:14:42 +02:00
parent 17b90d0be6
commit 70302b6c90
+13 -8
@@ -8,6 +8,8 @@ import toURLEncodedForm from '../helpers/toURLEncodedForm.js';
import platform from '../platform/index.js'; import platform from '../platform/index.js';
import formDataToJSON from '../helpers/formDataToJSON.js'; import formDataToJSON from '../helpers/formDataToJSON.js';
const own = (obj, key) => (obj != null && utils.hasOwnProp(obj, key) ? obj[key] : undefined);
/** /**
* It takes a string, tries to parse it, and if it fails, it returns the stringified version * It takes a string, tries to parse it, and if it fails, it returns the stringified version
* of the input * of the input
@@ -75,20 +77,22 @@ const defaults = {
let isFileList; let isFileList;
if (isObjectPayload) { if (isObjectPayload) {
const formSerializer = own(this, 'formSerializer');
if (contentType.indexOf('application/x-www-form-urlencoded') > -1) { if (contentType.indexOf('application/x-www-form-urlencoded') > -1) {
return toURLEncodedForm(data, this.formSerializer).toString(); return toURLEncodedForm(data, formSerializer).toString();
} }
if ( if (
(isFileList = utils.isFileList(data)) || (isFileList = utils.isFileList(data)) ||
contentType.indexOf('multipart/form-data') > -1 contentType.indexOf('multipart/form-data') > -1
) { ) {
const _FormData = this.env && this.env.FormData; const env = own(this, 'env');
const _FormData = env && env.FormData;
return toFormData( return toFormData(
isFileList ? { 'files[]': data } : data, isFileList ? { 'files[]': data } : data,
_FormData && new _FormData(), _FormData && new _FormData(),
this.formSerializer formSerializer
); );
} }
} }
@@ -104,9 +108,10 @@ const defaults = {
transformResponse: [ transformResponse: [
function transformResponse(data) { function transformResponse(data) {
const transitional = this.transitional || defaults.transitional; const transitional = own(this, 'transitional') || defaults.transitional;
const forcedJSONParsing = transitional && transitional.forcedJSONParsing; const forcedJSONParsing = transitional && transitional.forcedJSONParsing;
const JSONRequested = this.responseType === 'json'; const responseType = own(this, 'responseType');
const JSONRequested = responseType === 'json';
if (utils.isResponse(data) || utils.isReadableStream(data)) { if (utils.isResponse(data) || utils.isReadableStream(data)) {
return data; return data;
@@ -115,17 +120,17 @@ const defaults = {
if ( if (
data && data &&
utils.isString(data) && utils.isString(data) &&
((forcedJSONParsing && !this.responseType) || JSONRequested) ((forcedJSONParsing && !responseType) || JSONRequested)
) { ) {
const silentJSONParsing = transitional && transitional.silentJSONParsing; const silentJSONParsing = transitional && transitional.silentJSONParsing;
const strictJSONParsing = !silentJSONParsing && JSONRequested; const strictJSONParsing = !silentJSONParsing && JSONRequested;
try { try {
return JSON.parse(data, this.parseReviver); return JSON.parse(data, own(this, 'parseReviver'));
} catch (e) { } catch (e) {
if (strictJSONParsing) { if (strictJSONParsing) {
if (e.name === 'SyntaxError') { if (e.name === 'SyntaxError') {
throw AxiosError.from(e, AxiosError.ERR_BAD_RESPONSE, this, null, this.response); throw AxiosError.from(e, AxiosError.ERR_BAD_RESPONSE, this, null, own(this, 'response'));
} }
throw e; throw e;
} }