Fix "maxAge" option to reject invalid values

pillarjs · Apr 14, 2022 · 0c77dd6 · 0c77dd6
1 parent f5b5b31
commit 0c77dd6
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 0 deletions.
diff --git a/HISTORY.md b/HISTORY.md
@@ -3,6 +3,7 @@ unreleased
 
   * Add `priority` option for Priority cookie support
   * Fix accidental cookie name/value truncation when given invalid chars
+  * Fix `maxAge` option to reject invalid values
   * Remove quotes from returned quoted cookie value
   * Use `req.socket` over deprecated `req.connection`
   * pref: small lookup regexp optimization

diff --git a/index.js b/index.js
@@ -172,6 +172,10 @@ function Cookie(name, value, attrs) {
     throw new TypeError('option domain is invalid');
   }
 
+  if (typeof this.maxAge === 'number' ? (isNaN(this.maxAge) || !isFinite(this.maxAge)) : this.maxAge) {
+    throw new TypeError('option maxAge is invalid')
+  }
+
   if (this.priority && !PRIORITY_REGEXP.test(this.priority)) {
     throw new TypeError('option priority is invalid')
   }

diff --git a/test/cookie.js b/test/cookie.js
@@ -61,6 +61,24 @@ describe('new Cookie(name, value, [options])', function () {
         var cookie = new cookies.Cookie('foo', 'bar', { maxAge: 86400 })
         assert.equal(cookie.maxage, 86400)
       })
+
+      it('should throw on invalid value', function () {
+        assert.throws(function () {
+          new cookies.Cookie('foo', 'bar', { maxAge: 'foo' })
+        }, /option maxAge is invalid/)
+      })
+
+      it('should throw on Infinity', function () {
+        assert.throws(function () {
+          new cookies.Cookie('foo', 'bar', { maxAge: Infinity })
+        }, /option maxAge is invalid/)
+      })
+
+      it('should throw on NaN', function () {
+        assert.throws(function () {
+          new cookies.Cookie('foo', 'bar', { maxAge: NaN })
+        }, /option maxAge is invalid/)
+      })
     })
 
     describe('priority', function () {