Skip to content

[chore] Use wtf-8 instead of utf8 to prevent lone surrogates from gen… #68

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 26, 2016
Merged

[chore] Use wtf-8 instead of utf8 to prevent lone surrogates from gen… #68

merged 1 commit into from
Sep 26, 2016

Conversation

@darrachequesne
Copy link
Member

…erating parsing error

Note: sanitization should occur upfront

Closes #61, fixes (partially) socketio/socket.io#2459

@darrachequesne darrachequesne merged commit f5d966b into socketio:master Sep 26, 2016
@Nibbler999
Copy link

I think it would be better to stick with utf8.js and catch the exception. We need to do that anyway because wtf-8 will still throw on other kinds on invalid input.

Also, https://simonsapin.github.io/wtf-8/#intended-audience specifically says:

WTF-8 must not be used to represent text in a file format or for transmission over the Internet.

@calzoneman
Copy link

Any news on when this version will be targeted by socket.io? Currently, socket.io 1.4.8 brings in engine.io-parser 1.2.4, which does not have this fix. I'm having to manually patch my deployments right now because this bug can crash the server if not sanitized.

darrachequesne added a commit to darrachequesne/engine.io-parser that referenced this pull request Oct 16, 2016
@darrachequesne
Revert "[chore] Use wtf-8 instead of utf8 to prevent lone surrogates …
1c7c0ef 
…from generating parsing error (socketio#68)"

This reverts commit f5d966b.
@darrachequesne darrachequesne mentioned this pull request Oct 16, 2016
Closed
@darrachequesne darrachequesne added this to the 1.3.0 milestone Oct 20, 2016
@darrachequesne darrachequesne deleted the patch-2 branch December 7, 2016 21:12
@darrachequesne darrachequesne mentioned this pull request Dec 18, 2016
Merged
This was referenced Jan 11, 2017
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.3.0

Development

Successfully merging this pull request may close these issues.

3 participants

@darrachequesne @Nibbler999 @calzoneman