search

nginx / njs

A subset of JavaScript language to use in nginx
http://nginx.org/en/docs/njs/
BSD 2-Clause "Simplified" License
1.25k stars 155 forks source link

njs_string_atob cannot handle cypertext unless the padding is intact #695

Closed ahnyujin closed 9 months ago

ahnyujin commented 9 months ago

Hello 😄 We found it difficult that njs' atob works differently than we think.

Atob function in njs is decoding without considering padding of the ciphertext. And for this reason, it's hard to detect errors early.

For example, 'aGVsbG8=', which is the base64 encoded 'hello'. In most atob functions, 'aGVsbG8' is returned as 'hello', but njs doesn't.

I wonder if you have any plans to make any changes to this.

https://github.com/nginx/njs/blob/a26f8cc0db69bb4879b069d42b7e006ecd151dc6/src/njs_string.c#L4276-L4299

xeioex commented 9 months ago

Hi @ahnyujin,

Thanks for reporting the problem. As a workaround you can use the other methods, like Buffer.from("aGVsbG8=", "base64").toString().