nodeca/js-yaml

TypeError: data.replace is not a function

yevgenypats opened this issue · 4 comments

Hey there! Found a bug that is reproducible via:

```js
const yaml = require('js-yaml');
yaml.safeLoad(Buffer.from('213c3f000a380080ce6a7b0070e640ef3a20ffa3f6b964a6a26432b46064583a20209be63c3f56ef643dae64c27dcfe474ae646efb7a2600210010a680000024ff1c80ad20fd7f20df1474df3aa7cc00bcdb7fdfd4966810f85dff7d5304006500791817640f798845', 'hex'))

// Thrown:
// TypeError: data.replace is not a function
```

Found via jsfuzz.

Input should be a string.

Gotcha. But shouldn't safeLoad validate it, or at least shouldn't it be in the documentation that the user must validate that the argument to safeLoad is an ASCII/UTF-8 (which one?) string?

Here is another exception with a string:

```js
const yaml = require('js-yaml');
yaml.safeLoad('!<?\u0000[0]$')
```

Thrown:
TypeError: data.charCodeAt is not a function

Ok, #525.
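
A caller-side input guard of the kind this thread asks about, as an added example that is not part of the thread or of js-yaml's own code. `toYamlText`, `loadUntrusted` and `UntrustedYamlError` are hypothetical names, treating byte input as strict UTF-8 is an assumption, and the parser is passed in as `loader` (for example `yaml.safeLoad`).

```javascript
'use strict';

// Single error type the application handles for any rejected document.
class UntrustedYamlError extends Error {
  constructor(reason, cause) {
    super(reason);
    this.name = 'UntrustedYamlError';
    this.cause = cause;
  }
}

// Normalise caller input to a string before it reaches the parser.
// Byte input is decoded as strict UTF-8 (assumption); invalid sequences
// are rejected instead of being replaced with U+FFFD.
function toYamlText(input) {
  if (typeof input === 'string') return input;
  if (input instanceof Uint8Array) {          // Buffer is a Uint8Array subclass
    try {
      return new TextDecoder('utf-8', { fatal: true }).decode(input);
    } catch (err) {
      throw new UntrustedYamlError('input is not valid UTF-8', err);
    }
  }
  throw new UntrustedYamlError('input must be a string or bytes, got ' + typeof input);
}

// Run `loader` on the normalised text and convert every failure into
// UntrustedYamlError, so a parser-internal TypeError (as in the second
// report above) is handled like any other bad document.
function loadUntrusted(input, loader) {
  const text = toYamlText(input);
  try {
    return loader(text);
  } catch (err) {
    const kind = err && err.name === 'YAMLException' ? 'invalid YAML' : 'parser fault';
    throw new UntrustedYamlError(kind + ': ' + (err && err.message), err);
  }
}

// Constructed sample bytes (not the reproducer from the report): 0x80 is a
// lone continuation byte, so strict decoding rejects the buffer.
const SAMPLE_BAD_BYTES = Buffer.from([0x21, 0x3c, 0x80, 0xce, 0x6a]);
```

Logging the `parser fault` case separately from `invalid YAML` keeps library bugs like the two reported here visible without letting them crash the caller.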