> querystring.stringify({ foo: "a\ud802" })
Uncaught URIError [ERR_INVALID_URI]: URI malformed // correct
> querystring.stringify({ foo: "a\ud802b" })
'foo=a%F0%90%A1%A2' // incorrect
> encodeURIComponent("a\ud802b")
Uncaught URIError: URI malformed // correct
> foo = "a\ud802b"; querystring.parse(querystring.stringify({ foo })).foo === foo
false // does not roundtripI would argue that "a\ud802b" was supposed to throw, as querystring.stringify is already throwing on some non-well-formed strings, it just misses some
See also anonrig/fast-querystring#92
This was autodetected by the scanner behind https://github.com/deepview-autofix
For anyone remembering querystring being moved to Legacy: https://nodejs.org/api/querystring.html has been updated from Legacy to Stable, and is currently labeled Stable in the docs, see #44912
I would argue that
"a\ud802b"was supposed to throw, asquerystring.stringifyis already throwing on some non-well-formed strings, it just misses someSee also anonrig/fast-querystring#92
This was autodetected by the scanner behind https://github.com/deepview-autofix
For anyone remembering querystring being moved to Legacy: https://nodejs.org/api/querystring.html has been updated from Legacy to Stable, and is currently labeled Stable in the docs, see #44912