fix: use safe stringification for status code error messages#7107
Open
AkaHarshit wants to merge 1 commit intoexpressjs:masterfrom
Open
fix: use safe stringification for status code error messages#7107AkaHarshit wants to merge 1 commit intoexpressjs:masterfrom
AkaHarshit wants to merge 1 commit intoexpressjs:masterfrom
Conversation
Replace JSON.stringify(code) with a safe stringifyStatusCode() helper in res.status() to prevent TypeError when non-serializable values like BigInt or Symbol are passed as status codes. JSON.stringify(BigInt(200)) throws 'TypeError: Do not know how to serialize a BigInt', which overrides the intended 'Invalid status code' error message. The new helper handles BigInt, Symbol, null-prototype objects, and all other types safely. Fixes: expressjs#6756
Contributor
Author
|
Hi @wesleytodd, the CI tests have officially passed! ✅ This PR correctly introduces fallback stringification for objects, symbols, and BigInts when an invalid status code is thrown, preventing the unhandled TypeError crashes discussed in the issue. The new tests verifying the behavior have been added and are green. Please let me know if you need any adjustments before merging! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Calling
res.status(200n)(BigInt) orres.sendStatus(200n)throws an unexpectedTypeError: Do not know how to serialize a BigIntinstead of the intendedInvalid status codeerror message.This happens because
Number.isInteger(200n)returnsfalse, triggering the error path which usesJSON.stringify(code)in a template literal — butJSON.stringifycannot serialize BigInt and throws its own error first, overriding the intended message.Similarly,
Symbolvalues would also crashJSON.stringify, andObject.create(null)would crashString().Solution
Replaced
JSON.stringify(code)with a safestringifyStatusCode()helper function that handles all edge cases:String(200n)→"200"(wasJSON.stringifycrash)symbol.toString()→"Symbol(foo)"(wasString()crash)Object.create(null)→Object.prototype.toString.call()→"[object Object]"(was.toString()crash)String()works safelyWhy it matters
The current behavior confuses developers — they see a serialization error instead of the clear "Invalid status code" message that Express intends to show. This fix ensures all invalid status code types produce the intended, helpful error message.
Testing
Added 4 new test cases to
test/res.status.js:200n)Symbol('test'))){})true)Full test suite: 1251 passing, 0 failing, no regressions.
Linked Issue
Fixes: #6756