Commit 0dc59cd

Avoid uncaught "SyntaxError: Unexpected token ͧ" error.
When you .verify() a corrupted JWS (e.g. a malicious user adds extra characters in the middle of the token), an error is thrown:

```
[ERROR] console - SyntaxError: Unexpected token ͧ
    at Object.parse (native)
    at Object.jwsDecode [as decode] (/www/socketio-jwt/node_modules/jsonwebtoken/node_modules/jws/lib/verify-stream.js:71:20)
    at Object.module.exports.verify (/www/socketio-jwt/node_modules/jsonwebtoken/index.js:120:26)
```
1 parent 881d07f commit 0dc59cd

1 file changed

+6
-1
lines changed

index.js

+6-1
@@ -117,7 +117,12 @@ module.exports.verify = function(jwtString, secretOrPublicKey, options, callback
117117

118118
}
119119

120-
var decodedToken = jws.decode(jwtString);
120+
var decodedToken;
121+
try {
122+
decodedToken = jws.decode(jwtString);
123+
} catch(err) {
124+
return done(new JsonWebTokenError('invalid token'));
125+
}
121126

122127
if (!decodedToken) {
123128
return done(new JsonWebTokenError('invalid token'));
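Review bot: the new catch block at new lines 123-125 discards `err`, and nothing in this commit exercises it: only index.js changes, so the malformed-token path has no regression test. Add a test that passes a token with extra characters inserted in the middle to verify() and asserts that the callback receives a JsonWebTokenError with 'invalid token' rather than a thrown SyntaxError. Returning the generic message to the caller is reasonable, since it avoids echoing parser detail about attacker-controlled input, but consider keeping the original error available for server-side logging so decode failures stay diagnosable. The `if (!decodedToken)` check that follows returns the same error, so the two failure paths remain consistent.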
