Skip to content

Commit

Permalink
fix: ensure reserved events cannot be used as event names
Browse files Browse the repository at this point in the history
  • Loading branch information
darrachequesne committed May 31, 2023
1 parent 6a5a004 commit d9db473
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
16 changes: 15 additions & 1 deletion lib/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,18 @@ import debugModule from "debug"; // debug()

const debug = debugModule("socket.io-parser"); // debug()

/**
* These strings must not be used as event names, as they have a special meaning.
*/
const RESERVED_EVENTS = [
"connect", // used on the client side
"connect_error", // used on the client side
"disconnect", // used on both sides
"disconnecting", // used on the server side
"newListener", // used by the Node.js EventEmitter
"removeListener", // used by the Node.js EventEmitter
];

/**
* Protocol version.
*
Expand Down Expand Up @@ -277,7 +289,9 @@ export class Decoder extends Emitter<{}, {}, DecoderReservedEvents> {
case PacketType.BINARY_EVENT:
return (
Array.isArray(payload) &&
(typeof payload[0] === "string" || typeof payload[0] === "number")
(typeof payload[0] === "number" ||
(typeof payload[0] === "string" &&
RESERVED_EVENTS.indexOf(payload[0]) === -1))
);
case PacketType.ACK:
case PacketType.BINARY_ACK:
Expand Down
2 changes: 2 additions & 0 deletions test/parser.js
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,8 @@ describe("socket.io-parser", () => {
isInvalidPayload('2[{"toString":"foo"}]');
isInvalidPayload('2[true,"foo"]');
isInvalidPayload('2[null,"bar"]');
isInvalidPayload('2["connect"]');
isInvalidPayload('2["disconnect","123"]');

expect(() => new Decoder().add("999")).to.throwException(
/^unknown packet type 9$/
Expand Down

0 comments on commit d9db473

Please # to comment.