From fae15d3489504fc9c6da6d0ea42d3bbb9cfb4ac8 Mon Sep 17 00:00:00 2001
From: Jeroen Diderik <jdiderik@gmail.com>
Date: Wed, 24 Nov 2021 11:13:27 +0100
Subject: [PATCH] Catch malformed URI Components

Fix for error thrown when a value contains non-valid / malformed URI Component
Example: test=%c5%a1%e8ZM%80%82H
will throw "URI malformed"
This update will leave the value as-is when an error is thrown
---
 querystring/parse.js                       | 12 ++++++++++--
 querystring/tests/test-parseQueryString.js |  4 ++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/querystring/parse.js b/querystring/parse.js
index 2a44e737..1f2300a2 100644
--- a/querystring/parse.js
+++ b/querystring/parse.js
@@ -1,5 +1,13 @@
 "use strict"
 
+function decodeURIComponentSave(str) {
+	try {
+		return decodeURIComponent(str)
+	} catch(err) {
+		return str
+	}
+}
+
 module.exports = function(string) {
 	if (string === "" || string == null) return {}
 	if (string.charAt(0) === "?") string = string.slice(1)
@@ -7,8 +15,8 @@ module.exports = function(string) {
 	var entries = string.split("&"), counters = {}, data = {}
 	for (var i = 0; i < entries.length; i++) {
 		var entry = entries[i].split("=")
-		var key = decodeURIComponent(entry[0])
-		var value = entry.length === 2 ? decodeURIComponent(entry[1]) : ""
+		var key = decodeURIComponentSave(entry[0])
+		var value = entry.length === 2 ? decodeURIComponentSave(entry[1]) : ""
 
 		if (value === "true") value = true
 		else if (value === "false") value = false
diff --git a/querystring/tests/test-parseQueryString.js b/querystring/tests/test-parseQueryString.js
index 4a61c431..8d497cdb 100644
--- a/querystring/tests/test-parseQueryString.js
+++ b/querystring/tests/test-parseQueryString.js
@@ -20,6 +20,10 @@ o.spec("parseQueryString", function() {
 		var data = parseQueryString("?%3B%3A%40%26%3D%2B%24%2C%2F%3F%25%23=%3B%3A%40%26%3D%2B%24%2C%2F%3F%25%23")
 		o(data).deepEquals({";:@&=+$,/?%#": ";:@&=+$,/?%#"})
 	})
+	o("handles wrongly escaped values", function() {
+		var data = parseQueryString("?test=%c5%a1%e8ZM%80%82H")
+		o(data).deepEquals({test: "%c5%a1%e8ZM%80%82H"})
+	})
 	o("handles escaped slashes followed by a number", function () {
 		var data = parseQueryString("?hello=%2Fen%2F1")
 		o(data.hello).equals("/en/1")