JSON.Parse not handling illegal characters
Question
I decode a string using base64. To test my error handling i added some extra characters to the string resulting in
i��{"alg":"RS256","kid":"c818a52e5a3a9cbb853ed47a326376c86cb0b5e6"}
Pushing this through JSON.Parse will result in undefined and JSON.parse then throws a TypeError saying it cant call toString() on undefined.
Try/Catch arent picking this up. What do i do?
Too clarify this runs on a node.js backend.
[EDIT]
More information. This is the json i send to the API. THe following will validate properly as it's base64 encoded. But if i add some random letters to the front it'll get messed up obviously, but how do i check for it?:
{ "payload" : { "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImM4MThhNTJlNWEzYTljYmI4NTNlZDQ3YTMyNjM3NmM4NmNiMGI1ZTYifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiYXRfaGFzaCI6IjVIcm8tZk5xWGdkLXJLdTBfdVV1dkEiLCJhdWQiOiI0MDc0MDg3MTgxOTIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDM1MDQ2NTcwODY3NDQyNDk0NTgiLCJhenAiOiI0MDc0MDg3MTgxOTIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJpYXQiOjE0NTI0MzQ0NDUsImV4cCI6MTQ1MjQzODA0NX0.clvcKwE2SxaU3PLAcLzJklURdZQV9CZwlWPDCXXATE7gShflnrWWase0Q_s3d8B5eR-LDizwcB5ViFc-xHuMIj7Ro1gaysyv4Yg5hCJe_aFGJel91j7Jefiwp205dICTpnCodWHfDoIgnSLSAHUo2Q0l5hbS38R7pBAoPS3vIyG7RxkHGYVxp55Rkd0wgX5cXB-_WkLwSsrLN5uOyOMpZ8xBK9IMhfwQWvNaLcAIluuIeeIVMY2nVtcicPWHCSt3AgVHqkW4bb-e-b6jC-LuLBs0aB8otXFX9PQV3uEwSb6vKO4DHDUZR-Znwi0OlKurlGpsT-KvpM_kCV3RVp9cDQ" }, "username":"somelongusernamethatisunique", "useragent":"Android" }
Then the code that parses it looks like:
function(payload) { var segments = payload.id_token.split('.'); var config = request.getAsync( 'https://accounts.google.com/.well-known/openid-configuration') .then(function(result) { var response = JSON.parse(result.body); return request.getAsync(response.jwks_uri); }).then(function(result) { return JSON.parse(result.body); }).caught(SyntaxError, function(e) { throw e; }) var header = new Promise(function(resolve, reject) { try { var base64string = base64urlDecode(segments[0]); console.log(base64string); resolve(JSON.parse(base64string)); } catch (e) { reject(e); } }).caught(SyntaxError, function(e) { throw e; }) return Promise.join(config, header, function(response, header) { return new Promise(function(resolve, reject) { var key = ''; for (var i = 0; i < response.keys.length; i++) { if (response.keys[i].kid === header.kid) { key = response.keys[i]; break; } } if (jws.verify(payload.id_token, key)) { var info = JSON.parse(base64urlDecode(segments[1])); resolve(info.sub); } else { reject(); } }); }); } }; function base64urlDecode(str) { return new Buffer(base64urlUnescape(str), 'base64').toString(); }; function base64urlUnescape(str) { str += Array(5 - str.length % 4).join('='); return str.replace(/\\-/g, '+').replace(/_/g, '/'); }
1 answers
solution1
1 ACCPTED 2016-01-10 16:29:42
If you want to pretend that your code received that string from somewhere, you should be able to wrap it in single-quotes:
var badInput = 'i��{"alg":"RS256","kid":"c818a52e5a3a9cbb853ed47a326376c86cb0b5e6"}';
That sets badInput to the messed-up JSON source as a string. Then try / catch around a call to JSON.parse() should do what you expect:
try {
var result = JSON.parse(badInput);
}
catch(x) {
alert("Error test: " + x);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.