fix: Add failsafes for queryStringParser (#983)

Author: alexs-mparticle

src/utils.ts

@@ -292,14 +292,19 @@ interface URLSearchParamsFallback {
 }
 
 const queryStringParserFallback = (url: string): URLSearchParamsFallback => {
-    let params: Dictionary<string> = {};
+    const params: Dictionary<string> = {};
     const queryString = url.split('?')[1] || '';
     const pairs = queryString.split('&');
 
     pairs.forEach(pair => {
-        var [key, value] = pair.split('=');
-        if (key && value) {
-            params[key] = decodeURIComponent(value || '');
+        const [key, ...valueParts] = pair.split('=');
+        const value = valueParts.join('=');
+        if (key && value !== undefined) {
+            try {
+                params[key] = decodeURIComponent(value || '');
+            } catch (e) {
+                console.error(`Failed to decode value for key ${key}: ${e}`);
+            }
         }
     });
 

test/jest/utils.spec.ts

@@ -146,6 +146,27 @@ describe('Utils', () => {
 
                 expect(queryStringParser(url, [])).toEqual(expectedResult);
             });
+
+            it('should handle non-standard characters or malformed urls', () => {
+                const malformedUrl = 'https://www.example.com?foo=bar&baz=qux&mal=%E0%A4%A&narf=poit&param0=你好&*;<script>alert("hi")</script>&http://a.com/?c=7&d=8#!/asd+/%^^%zz%%%world你好&param1&param2=&param3=%E0%A4%A&param4=value1=value2&param5=a%AFc';
+                const keys = [
+                    'foo',
+                    'narf',
+                    'param0',
+                    'param1',
+                    'param2',
+                    'param3',
+                    'param4'
+                ];
+
+                const expectedResult = {
+                    foo: 'bar',
+                    narf: 'poit',
+                    param0: '你好',
+                };
+
+                expect(queryStringParser(malformedUrl, keys)).toEqual(expectedResult);
+            });
         });
     });