Skip to content

feat(isBase64): improve base64 validation based on RFC4648 #2491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 26, 2025
Merged

feat(isBase64): improve base64 validation based on RFC4648 #2491

merged 1 commit into from
Mar 26, 2025

Conversation

aseyfpour
Copy link
Contributor

Add padding to the options list.
Update regexes to support validation with and without padding.
Update default options to maintain backward compatibility.
Add new tests to cover various scenarios.

In the previous version, only Base64 strings with padding and URL-safe Base64 strings without padding were validated. However, according to RFC4648, both standard and URL-safe Base64 variants can be valid with or without padding. Therefore, this version supports four validation combinations—standard with padding, standard without padding, URL-safe with padding, and URL-safe without padding—while maintaining backward compatibility.

Checklist

  • PR contains only changes related; no stray files, etc.
  • README updated (where applicable)
  • Tests written (where applicable)
  • References provided in PR (where applicable)

WikiRik
WikiRik reviewed Nov 2, 2024
View reviewed changes
@aseyfpour
feat: improve base64 validation based on RFC4648
b01a860 
add padding to the option list
update regexes to support validation with/without padding
update default options to keep the changes backward compatible
add new test to cover different scenarios
@aseyfpour aseyfpour requested a review from WikiRik November 2, 2024 08:56
WikiRik
WikiRik reviewed Nov 2, 2024
View reviewed changes
Copy link
Member

@WikiRik WikiRik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the quick updates. I'll need to take some more time for a proper review, but on initial look this should be good so I'll request some additional reviewers already

@WikiRik WikiRik requested review from rubiin and pano9000 November 2, 2024 10:21
@aseyfpour
Copy link
Contributor Author

@rubiin @WikiRik

It’s been a month since the last changes. I’d appreciate it if you could involve another reviewer for this PR.

@rubiin rubiin requested review from profnandaa and a team and removed request for a team December 2, 2024 14:42
@aseyfpour aseyfpour requested a review from WikiRik December 6, 2024 23:35
@aseyfpour
Copy link
Contributor Author

UP

@WikiRik WikiRik merged commit 7ff247d into validatorjs:master Mar 26, 2025
10 checks passed
This was referenced Mar 27, 2025
Closed
Closed
@WikiRik WikiRik mentioned this pull request May 14, 2025
Merged
@mykhailo-klym
Copy link

Just a heads up this caused a stack overflow issue in our app.

  • The issue seems to be from regex.test.
  • The string that we test is around 26MB
  • Unfortunately I cannot provide you with a string or reproducible scenario, because my string can contain sensitive data.
  • Previous version is working just fine, e.g. no stack overflow issues.

... Sorry, if I can create a reproducible scenario I will open an issue.

@alumni
Copy link

alumni commented Jul 8, 2025
edited
Loading

The regular expression used here can cause a ReDoS on large strings.

The old implementation was more efficient because the iteration was handled by JS, not by the RegEx.

@WikiRik
Copy link
Member

WikiRik commented Jul 8, 2025

Feel free to open a new PR with an improved version

@WikiRik WikiRik mentioned this pull request Jul 11, 2025
Open
KrayzeeKev pushed a commit to KrayzeeKev/validator.js that referenced this pull request Jul 14, 2025
validatorjs#2491 validatorjs#2573 Simplify isBase64 to prevent stack …
51cec2e 
…overflow
KrayzeeKev pushed a commit to KrayzeeKev/validator.js that referenced this pull request Jul 14, 2025
validatorjs#2491 validatorjs#2573 Simplify isBase64 to prevent stack …
e947d6f 
…overflow
@KrayzeeKev KrayzeeKev mentioned this pull request Jul 14, 2025
Open
4 tasks
@KrayzeeKev
Copy link

I've created #2574 to resolve the stack overflow issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rubiin rubiin rubiin approved these changes

@WikiRik WikiRik WikiRik approved these changes

@pano9000 pano9000 Awaiting requested review from pano9000

@profnandaa profnandaa Awaiting requested review from profnandaa

Assignees
No one assigned
Labels
🕑 to-be-reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@aseyfpour @mykhailo-klym @alumni @WikiRik @KrayzeeKev @rubiin