Skip to content

buffer: atob throw error when the input value is invalid #42662

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aduh95 merged 6 commits into from
Apr 12, 2022
Merged

buffer: atob throw error when the input value is invalid #42662

aduh95 merged 6 commits into from
Apr 12, 2022

Conversation

@austinkelleher
Copy link
Contributor

@austinkelleher austinkelleher commented Apr 8, 2022
edited
Loading

Description

The specification of atob has various different conditions that we need
to abide by.

See: https://infra.spec.whatwg.org/#forgiving-base64-decode

Fixes: #42646

Considerations

Each of the new cases that are handled added could be considered breaking changes. Consider the following tests run directly from the Chrome console (Version 100.0.4896.75 (Official Build) (arm64)):

atob(undefined)
VM85:1 Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
    at <anonymous>:1:1

atob(false)
VM123:1 Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
    at <anonymous>:1:1

atob(1)
VM152:1 Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.

atob(false)
VM187:1 Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.

atob(0)
VM217:1 Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
    at <anonymous>:1:1

atob('a')
VM234:1 Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
    at <anonymous>:1:1

atob('a ')
VM243:1 Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
    at <anonymous>:1:1

atob(' a')
VM257:1 Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
    at <anonymous>:1:1
    
atob('aaaaa')
VM283:1 Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
    at <anonymous>:1:1

@nodejs-github-bot nodejs-github-bot added buffer Issues and PRs related to the buffer subsystem. needs-ci PRs that need a full CI run. labels Apr 8, 2022
austinkelleher
austinkelleher commented Apr 8, 2022
View reviewed changes
austinkelleher
austinkelleher commented Apr 8, 2022
View reviewed changes
@austinkelleher austinkelleher force-pushed the 42646-buffer-validation branch from a924347 to 473c352 Compare April 8, 2022 21:19
@austinkelleher
Copy link
Contributor Author

austinkelleher commented Apr 8, 2022

Additional note - I'm happy to split this change into multiple PRs if it's helpful. 😄

@austinkelleher austinkelleher force-pushed the 42646-buffer-validation branch from 473c352 to 2ad1a00 Compare April 8, 2022 21:23
@zloirock
Copy link

zloirock commented Apr 8, 2022

atob now immediately throws when undefined, false, or a number is supplied

It should be converted to a string, so

atob(1234) === '×mø'

is correct

@austinkelleher
Copy link
Contributor Author

austinkelleher commented Apr 8, 2022

@zloirock Thank you for catching...I'll update the PR.

aduh95
aduh95 reviewed Apr 8, 2022
View reviewed changes
@austinkelleher
buffer: atob throw error when the input value is invalid
6f69681 
The specification of `atob` has various different conditions that we
need to abide by. The specific changes that were made:

* `atob` now immediately throws when `undefined`, `false`, or a `number`
  is supplied
* `atob` now strips ASCII whitespace before attempting to decode
* `atob` now validates that the code point's length divided by 4 leaves
  a remainder that is not 1

See: https://infra.spec.whatwg.org/#forgiving-base64-decode

Fixes: nodejs#42646
@austinkelleher
buffer: simplify atob approach of disregarding whitespace
08e4c75 
* Use approach of counting non-ASCII whitespace characters instead of
  removing the characters via string replacement
* Additional atob validation tests have been added
@austinkelleher austinkelleher force-pushed the 42646-buffer-validation branch from 1c109ce to 08e4c75 Compare April 9, 2022 12:54
@austinkelleher austinkelleher changed the title buffer: atob throw error when the input string is invalid buffer: atob throw error when the input value is invalid Apr 9, 2022
austinkelleher
austinkelleher commented Apr 9, 2022
View reviewed changes
aduh95
aduh95 reviewed Apr 9, 2022
View reviewed changes
austinkelleher
austinkelleher commented Apr 9, 2022
View reviewed changes
austinkelleher
austinkelleher commented Apr 9, 2022
View reviewed changes
@austinkelleher
buffer: switch to using InvalidCharacterError on encoding error
a85b856 
* Chrome and Firefox both use `InvalidCharacterError` when the string
  to be decoded is not correctly encoded
* Remove unnecessary atob test
aduh95
aduh95 reviewed Apr 9, 2022
View reviewed changes
Copy link
Contributor

@aduh95 aduh95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: we could keep one array and save a lookup per char.Given the fact that this is a legacy API for which performance are not really a concern, you can ignore this suggestion if you think it makes the code harder to read.

aduh95
aduh95 reviewed Apr 9, 2022
View reviewed changes
aduh95
aduh95 reviewed Apr 9, 2022
View reviewed changes
@austinkelleher
buffer: update character validation approach in atob
a5828d8 
* Small optimization in atob validation by assuming positions of
  whitespace characters in allowed chars array
* Improved tests for ASCII whitespace characters
* Explicitly validate properties of `DOMException` in tests
@austinkelleher austinkelleher force-pushed the 42646-buffer-validation branch from 689d51f to a5828d8 Compare April 9, 2022 14:26
aduh95
aduh95 reviewed Apr 9, 2022
View reviewed changes
aduh95
aduh95 reviewed Apr 9, 2022
View reviewed changes
aduh95
aduh95 approved these changes Apr 9, 2022
View reviewed changes
@aduh95 aduh95 added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 9, 2022
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Apr 9, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43410/

This was referenced Apr 10, 2022
Open
Open
@austinkelleher
Copy link
Contributor Author

austinkelleher commented Apr 11, 2022

It seems that some of the tests may have failed intermittently unless I'm missing something. Anything that I'm missing? If not, can someone please re-trigger? Thanks!

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Apr 11, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43433/

@austinkelleher
Copy link
Contributor Author

austinkelleher commented Apr 11, 2022
edited
Loading

It looks like all checks have passed except for the pending node-test-linux-linked-debug. When I review the Jenkins job output, it looks like that job has actually succeeded?

@github-actions github-actions bot mentioned this pull request Apr 12, 2022
Open
29 tasks
@aduh95 aduh95 merged commit 7533d08 into nodejs:master Apr 12, 2022
@aduh95
Copy link
Contributor

aduh95 commented Apr 12, 2022

Landed in 7533d08, thanks for the contribution 🎉

This was referenced Apr 13, 2022
Open
Open
@BethGriggs BethGriggs mentioned this pull request Apr 14, 2022
Merged
@github-actions github-actions bot mentioned this pull request Apr 15, 2022
Open
16 tasks
@juanarbol juanarbol mentioned this pull request May 31, 2022
Closed
@danielleadams
Copy link
Contributor

danielleadams commented Jun 27, 2022

@austinkelleher should this land in v16.x? If so, do you mind creating a backport PR for this to v16.x-staging? (docs) Thanks!

@codebytere codebytere mentioned this pull request Aug 23, 2022
Merged
3 tasks
@juanarbol juanarbol mentioned this pull request Oct 11, 2022
Merged
@chee chee mentioned this pull request Feb 20, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@targos targos targos left review comments

@aduh95 aduh95 aduh95 approved these changes

@marsonya marsonya marsonya approved these changes

+1 more reviewer

@zloirock zloirock zloirock left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. buffer Issues and PRs related to the buffer subsystem. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

atob should throw an error if the input is not correctly encoded

7 participants

@austinkelleher @zloirock @nodejs-github-bot @aduh95 @danielleadams @targos @marsonya