feat: Do not serialize NaN, Infinity, or -Infinity

BREAKING CHANGE: Any attempt to serialize NaN, Infinity, or
-Infinity will now throw an UnserializableParamError.

Author: razor-x

README.md

@@ -62,6 +62,8 @@ which encodes most non-alphanumeric characters.
   is not supported and will throw an `UnserializableParamError`.
 - Serialization of functions or other objects is
   is not supported and will throw an `UnserializableParamError`.
+- Serialization of `NaN`, `Infinity`, and `-Infinity`
+  is not supported and will throw an `UnserializableParamError`.
 
 ### Compatible parsing strategy
 

src/lib/serialize.ts

@@ -83,7 +83,19 @@ const serialize = (k: string, v: unknown): string => {
     }
     return v.toString()
   }
-  if (typeof v === 'number') return v.toString()
+  if (typeof v === 'number') {
+    if (
+      isNaN(v) ||
+      v === Infinity ||
+      v === -Infinity ||
+      v.toString() === 'NaN' ||
+      v.toString() === 'Infinity' ||
+      v.toString() === '-Infinity'
+    ) {
+      throw new UnserializableParamError(k, `is ${v}`)
+    }
+    return v.toString()
+  }
   if (typeof v === 'bigint') return v.toString()
   if (typeof v === 'boolean') return v.toString()
   if (isDateLike(v)) return v.toISOString()

test/serialization.test.ts

@@ -125,6 +125,18 @@ test('cannot serialize functions', (t) => {
   })
 })
 
+test('cannot serialize number pointers', (t) => {
+  t.throws(() => serializeUrlSearchParams({ foo: Infinity }), {
+    instanceOf: UnserializableParamError,
+  })
+  t.throws(() => serializeUrlSearchParams({ foo: -Infinity }), {
+    instanceOf: UnserializableParamError,
+  })
+  t.throws(() => serializeUrlSearchParams({ foo: -NaN }), {
+    instanceOf: UnserializableParamError,
+  })
+})
+
 test('cannot serialize non-plain objects', (t) => {
   class Foo {
     bar: string