-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Actual ICU errors are discarded #65
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I was trying to use this lib to implement SASLprep, in order to support Unicode usernames. I get
true
forprep.isNative()
, and strings can be prepared so long as ICU does not throw an error. I also disabled JS fallbacks viaprep.disableJsFallbacks()
.When there is a genuine error, such as a
U_STRINGPREP_UNASSIGNED_ERROR
, the original error is discarded, andlibicu unavailable
is thrown instead. The relevant source code reads:It would be much more useful to have the original exception. Is there some reason why the original exception is not thrown?
In addition, I think there is a much bigger problem. If you're using stringprep for something security related, the side-effects of the above code are even worse when you leave JS fallbacks enabled. In that case, even when ICU bindings are working instead of throwing the error, the code silently falls back to a potentially insecure JS substitute, and a consumer of
node-stringprep
might never notice this happening.The text was updated successfully, but these errors were encountered: