Skip to content

No ES6 Map support? #138

New issue
New issue
Open
Open
No ES6 Map support?#138
@mcclure

Description

@mcclure
mcclure
opened on Oct 5, 2020

If I run the following test program with msgpack-javascript 2.1.0:

import { encode, decode } from "@msgpack/msgpack"
const map = new Map()
map.set("a", 1)
map.set("b", 2)
map.set("c", 3)
const encoded = encode(map,{initialBufferSize:128})
const decoded = decode(encoded)
console.log({map, encoded, decoded})

The output is:

Screen Shot 2020-10-04 at 11 40 42 PM

Conclusion: Asking msgpack-javascript to encode a Map causes it to encode it as if it were an empty object.

Supporting Maps in some capacity would be good because if anything it is better to store Maps in msgpack than to store objects. Sometimes deserializing in JavaScript can cause problems or even security flaws if keys overwrite "special" javascript objects like hasOwnProperty or __proto__. Here is an example of such a problem. I suspect msgpack-javascript itself will not have any such security flaws, but it is easy for client code to have such security flaws and the security issues can be sidestepped by using Maps instead of objects.

Activity

gfx

gfx commented on Oct 5, 2020

@gfx
gfx
on Oct 5, 2020
Member

Thank you for your report.

This is the specification and won't be fixed because MessagePack is designed to communicate in multi-languages. I won't add any flavors by default.

However, any JavaScript programs use lots of non-primitive objects, so the MessagePack spec has extensions.
See extension types for details.

Also, I'd like to add extensions to handle non-primitive objects like ES2015's Map, just like as browsers do.

joshyrobot

joshyrobot commented on Jun 11, 2021

@joshyrobot
joshyrobot
on Jun 11, 2021

Sorry, where in the spec does it say something incompatible with Maps? As far as I can tell, the spec actually places no restriction on map keys, so the current implementation seems to be non-compliant, and the only way to make it compliant is to decode into Maps instead of plain objects.

mcclure

mcclure commented on Jun 12, 2021

@mcclure
mcclure
on Jun 12, 2021
Author

To concur with what @joshyrobot is saying, what we're looking for is not so much a way to encode maps in addition to objects, we're looking for a way to encode maps instead of objects— something like an alternate mode in which maps are always created and consumed and vanilla javascript objects are never created or consumed.

IscoRuta98
mentioned this on Dec 14, 2022
jcc10
added a commit that references this issue on Apr 1, 2023

Update README.md

07900e5
jcc10
mentioned this on Apr 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @gfx@mcclure@joshyrobot

        Issue actions
          No ES6 Map support? · Issue #138 · msgpack/msgpack-javascript