JSON.parse can throw, so move it inside try

Secbone / koa-session2

Middleware for Koa2 to get/set session

MIT License

153 stars 30 forks source link

Closed tinovyatkin closed 7 years ago

tinovyatkin commented 7 years ago

decode deals with unsanitized user data, so, it can throw in badly formatted JSON

tinovyatkin commented 7 years ago

Also in your code if Buffer construction trows you will attempt to JSON.parse an empty string.

Secbone commented 7 years ago

thanks ! 😄