Change the parseQueryString function to return a Map rather than an Object (issue 13829)

Even though the code as-is *should* be safe, given that we're using an Object with a `null` prototype, it cannot hurt to change this to a Map to prevent any issues (since we're parsing unknown and potentially unsafe data). Overall I also think that these changes improve the `parseQueryString` call-sites, since we now have a proper way of checking for the existence of a particular key (and don't have to use `in` which stringifies the keys in the Object). This patch also changes the default, when no `value` exists, from `null` to an empty string since the use of `decodeURIComponent` currently can modify the value in a somewhat surprising way (at least to me). Note how `decodeURIComponent(null) === "null"` which is unlikely to be what you actually want, whereas `decodeURIComponent("") === ""` which seems much more helpful.
2025-07-08 01:10:08 +02:00 · 2021-07-31 22:15:30 +02:00 · 2021-07-31 22:15:30 +02:00 · 4ab4efd42f
commit 4ab4efd42f
parent 222c9e7e84
4 changed files with 47 additions and 42 deletions
--- a/web/pdf_link_service.js
+++ b/web/pdf_link_service.js
@ -263,20 +263,20 @@ class PDFLinkService {
    let pageNumber, dest;
    if (hash.includes("=")) {
      const params = parseQueryString(hash);
-      if ("search" in params) {
+      if (params.has("search")) {
        this.eventBus.dispatch("findfromurlhash", {
          source: this,
-          query: params.search.replace(/"/g, ""),
-          phraseSearch: params.phrase === "true",
+          query: params.get("search").replace(/"/g, ""),
+          phraseSearch: params.get("phrase") === "true",
        });
      }
      // borrowing syntax from "Parameters for Opening PDF Files"
-      if ("page" in params) {
-        pageNumber = params.page | 0 || 1;
+      if (params.has("page")) {
+        pageNumber = params.get("page") | 0 || 1;
      }
-      if ("zoom" in params) {
+      if (params.has("zoom")) {
        // Build the destination array.
-        const zoomArgs = params.zoom.split(","); // scale,left,top
+        const zoomArgs = params.get("zoom").split(","); // scale,left,top
        const zoomArg = zoomArgs[0];
        const zoomArgNumber = parseFloat(zoomArg);

@ -336,16 +336,16 @@ class PDFLinkService {
      } else if (pageNumber) {
        this.page = pageNumber; // simple page
      }
-      if ("pagemode" in params) {
+      if (params.has("pagemode")) {
        this.eventBus.dispatch("pagemode", {
          source: this,
-          mode: params.pagemode,
+          mode: params.get("pagemode"),
        });
      }
      // Ensure that this parameter is *always* handled last, in order to
      // guarantee that it won't be overridden (e.g. by the "page" parameter).
-      if ("nameddest" in params) {
-        this.goToDestination(params.nameddest);
+      if (params.has("nameddest")) {
+        this.goToDestination(params.get("nameddest"));
      }
    } else {
      // Named (or explicit) destination.