beaugunderson / ip-address

💻 a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript
http://ip-address.js.org/
MIT License

Vulnerable to octal input data #132

Open ortexx opened 3 years ago

ortexx commented 3 years ago

My library is based on yours and I got this issue.

So, the `parse` and `correctForm` functions work only with decimal notation. If we pass '010.1.1.1', we get '10.1.1.1', not '8.1.1.1' as expected.

If we assume we work only with decimal numbers, then '010.1.1.1' should throw an error as an invalid value; otherwise we have to handle it in some way (convert to decimal, for example).
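
The two options in the comment above, as an added example that is not part of the original comment and not the ip-address library's own code: a strict parser that rejects leading zeros, next to a helper that reports how a lenient decimal reader and a C-style (`inet_aton`-like) reader each interpret the same four-part string. The function names and sample inputs are assumptions made for illustration.

```javascript
'use strict';

// Canonical decimal octet: "0" or 1-3 digits with no leading zero.
const STRICT_OCTET = /^(0|[1-9]\d{0,2})$/;

// Option 1 from the comment: treat non-canonical input as invalid.
function parseStrictIPv4(input) {
  const parts = String(input).split('.');
  if (parts.length !== 4) throw new Error(`expected 4 octets: ${input}`);
  return parts.map((part) => {
    if (!STRICT_OCTET.test(part)) throw new Error(`non-canonical octet "${part}" in ${input}`);
    const value = Number(part);
    if (value > 255) throw new Error(`octet out of range "${part}" in ${input}`);
    return value;
  });
}

// One octet as a C-style reader (inet_aton convention) sees it:
// "0x" prefix is hex, a leading "0" is octal, otherwise decimal.
function legacyOctet(part) {
  let value;
  if (/^0[xX][0-9a-fA-F]+$/.test(part)) value = parseInt(part.slice(2), 16);
  else if (/^0[0-7]+$/.test(part)) value = parseInt(part, 8);
  else if (/^(0|[1-9]\d*)$/.test(part)) value = parseInt(part, 10);
  else return null; // e.g. "08": not valid octal, rejected
  return value <= 255 ? value : null;
}

// One octet as a lenient decimal reader sees it (leading zeros ignored).
function decimalOctet(part) {
  return /^\d+$/.test(part) && Number(part) <= 255 ? Number(part) : null;
}

// Report both readings so a caller can log or reject input on which
// the two interpretations disagree (null means "rejected").
function compareReadings(input) {
  const parts = String(input).split('.');
  const join = (octets) => (parts.length !== 4 || octets.includes(null) ? null : octets.join('.'));
  const legacy = join(parts.map(legacyOctet));
  const decimal = join(parts.map(decimalOctet));
  return { input, legacy, decimal, disagree: legacy !== decimal };
}

// Constructed sample inputs.
for (const sample of ['10.1.1.1', '010.1.1.1', '08.1.1.1']) {
  console.log(compareReadings(sample));
}
```

Any input for which `disagree` is true can be read as a different address by another component, so it is a candidate for rejection before it reaches an allowlist or blocklist comparison.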

StoneLabs commented 3 years ago

Can confirm. See #142 for more examples.