fix: Encode URI components in HttpTransport & Add secure-json-parse dependency (#469)

originalix · web-flow · commit e59928917c30 · 2025-05-15T17:40:51.000+08:00
* fix: encode URI components in HttpTransport class

* feat: add secure-json-parse dependency and update JSON parsing in HttpTransport class
diff --git a/packages/connect-examples/electron-example/package.json b/packages/connect-examples/electron-example/package.json
@@ -2,7 +2,7 @@
   "name": "hardware-example",
   "productName": "HardwareExample",
   "executableName": "onekey-hardware-example",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "author": "OneKey",
   "description": "End-to-end encrypted workspaces for teams",
   "main": "dist/index.js",
diff --git a/packages/connect-examples/expo-example/package.json b/packages/connect-examples/expo-example/package.json
@@ -1,6 +1,6 @@
 {
   "name": "expo-example",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "scripts": {
     "start": "CONNECT_SRC=https://localhost:8087/ yarn expo start --dev-client",
     "android": "yarn expo run:android",
@@ -19,10 +19,10 @@
     "@noble/ed25519": "^2.1.0",
     "@noble/hashes": "^1.3.3",
     "@noble/secp256k1": "^1.7.1",
-    "@onekeyfe/hd-ble-sdk": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-common-connect-sdk": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-core": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-web-sdk": "^1.0.27-alpha.1",
+    "@onekeyfe/hd-ble-sdk": "^1.0.28",
+    "@onekeyfe/hd-common-connect-sdk": "^1.0.28",
+    "@onekeyfe/hd-core": "^1.0.28",
+    "@onekeyfe/hd-web-sdk": "^1.0.28",
     "@onekeyfe/react-native-ble-utils": "^0.1.3",
     "@polkadot/util-crypto": "13.1.1",
     "@react-native-async-storage/async-storage": "1.21.0",
diff --git a/packages/core/package.json b/packages/core/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/hd-core",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "description": "> TODO: description",
   "author": "OneKey",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
@@ -25,8 +25,8 @@
     "url": "https://github.com/OneKeyHQ/hardware-js-sdk/issues"
   },
   "dependencies": {
-    "@onekeyfe/hd-shared": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport": "^1.0.27-alpha.1",
+    "@onekeyfe/hd-shared": "^1.0.28",
+    "@onekeyfe/hd-transport": "^1.0.28",
     "axios": "^0.27.2",
     "bignumber.js": "^9.0.2",
     "bytebuffer": "^5.0.1",
diff --git a/packages/hd-ble-sdk/package.json b/packages/hd-ble-sdk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/hd-ble-sdk",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "author": "OneKey",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
   "license": "ISC",
@@ -20,8 +20,8 @@
     "lint:fix": "eslint . --fix"
   },
   "dependencies": {
-    "@onekeyfe/hd-core": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-shared": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport-react-native": "^1.0.27-alpha.1"
+    "@onekeyfe/hd-core": "^1.0.28",
+    "@onekeyfe/hd-shared": "^1.0.28",
+    "@onekeyfe/hd-transport-react-native": "^1.0.28"
   }
 }
diff --git a/packages/hd-common-connect-sdk/package.json b/packages/hd-common-connect-sdk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/hd-common-connect-sdk",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "author": "OneKey",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
   "license": "ISC",
@@ -20,10 +20,10 @@
     "lint:fix": "eslint . --fix"
   },
   "dependencies": {
-    "@onekeyfe/hd-core": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-shared": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport-http": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport-lowlevel": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport-webusb": "^1.0.27-alpha.1"
+    "@onekeyfe/hd-core": "^1.0.28",
+    "@onekeyfe/hd-shared": "^1.0.28",
+    "@onekeyfe/hd-transport-http": "^1.0.28",
+    "@onekeyfe/hd-transport-lowlevel": "^1.0.28",
+    "@onekeyfe/hd-transport-webusb": "^1.0.28"
   }
 }
diff --git a/packages/hd-transport-http/package.json b/packages/hd-transport-http/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/hd-transport-http",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "description": "hardware http transport",
   "author": "OneKey",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
@@ -24,8 +24,9 @@
     "url": "https://github.com/OneKeyHQ/hardware-js-sdk/issues"
   },
   "dependencies": {
-    "@onekeyfe/hd-shared": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport": "^1.0.27-alpha.1",
-    "axios": "^0.27.2"
+    "@onekeyfe/hd-shared": "^1.0.28",
+    "@onekeyfe/hd-transport": "^1.0.28",
+    "axios": "^0.27.2",
+    "secure-json-parse": "^4.0.0"
   }
 }
diff --git a/packages/hd-transport-http/src/http.ts b/packages/hd-transport-http/src/http.ts
@@ -1,5 +1,6 @@
 import axios, { AxiosRequestConfig } from 'axios';
 import { HardwareError, HardwareErrorCode } from '@onekeyfe/hd-shared';
+import secureJSON from 'secure-json-parse';
 
 export type HttpRequestOptions = {
   body?: Array<any> | Record<string, unknown> | string;
@@ -24,7 +25,7 @@ function wrapBody(body: any) {
 
 function parseResult(text: string) {
   try {
-    const result = JSON.parse(text);
+    const result = secureJSON.parse(text);
     if (typeof result !== 'object') {
       throw new Error('Invalid response');
     }
diff --git a/packages/hd-transport-http/src/index.ts b/packages/hd-transport-http/src/index.ts
@@ -81,9 +81,11 @@ export default class HttpTransport {
   }
 
   _acquireMixed(input: AcquireInput) {
-    const previousStr = input.previous == null ? 'null' : input.previous;
+    const previousStr = input.previous == null ? 'null' : encodeURIComponent(input.previous);
+    // @ts-expect-error
     // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
-    const url = `/acquire/${input.path}/${previousStr}`;
+    const path = encodeURIComponent(input.path);
+    const url = `/acquire/${path}/${previousStr}`;
     return this._post({ url });
   }
 
diff --git a/packages/hd-transport-lowlevel/package.json b/packages/hd-transport-lowlevel/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/hd-transport-lowlevel",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
   "license": "MIT",
   "main": "dist/index.js",
@@ -19,7 +19,7 @@
     "lint:fix": "eslint . --fix"
   },
   "dependencies": {
-    "@onekeyfe/hd-shared": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport": "^1.0.27-alpha.1"
+    "@onekeyfe/hd-shared": "^1.0.28",
+    "@onekeyfe/hd-transport": "^1.0.28"
   }
 }
diff --git a/packages/hd-transport-react-native/package.json b/packages/hd-transport-react-native/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/hd-transport-react-native",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
   "license": "MIT",
   "main": "dist/index.js",
@@ -19,8 +19,8 @@
     "lint:fix": "eslint . --fix"
   },
   "dependencies": {
-    "@onekeyfe/hd-shared": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport": "^1.0.27-alpha.1",
+    "@onekeyfe/hd-shared": "^1.0.28",
+    "@onekeyfe/hd-transport": "^1.0.28",
     "@onekeyfe/react-native-ble-utils": "^0.1.4",
     "react-native-ble-plx": "3.5.0"
   }
diff --git a/packages/hd-transport-webusb/package.json b/packages/hd-transport-webusb/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/hd-transport-webusb",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "author": "OneKey",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
   "license": "MIT",
@@ -20,8 +20,8 @@
     "lint:fix": "eslint . --fix"
   },
   "dependencies": {
-    "@onekeyfe/hd-shared": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport": "^1.0.27-alpha.1"
+    "@onekeyfe/hd-shared": "^1.0.28",
+    "@onekeyfe/hd-transport": "^1.0.28"
   },
   "devDependencies": {
     "@types/w3c-web-usb": "^1.0.6",
diff --git a/packages/hd-transport/package.json b/packages/hd-transport/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/hd-transport",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "description": "> TODO: description",
   "author": "OneKey",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
diff --git a/packages/hd-web-sdk/package.json b/packages/hd-web-sdk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/hd-web-sdk",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "author": "OneKey",
   "homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",
   "license": "ISC",
@@ -21,10 +21,10 @@
   },
   "dependencies": {
     "@onekeyfe/cross-inpage-provider-core": "^0.0.17",
-    "@onekeyfe/hd-core": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-shared": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport-http": "^1.0.27-alpha.1",
-    "@onekeyfe/hd-transport-webusb": "^1.0.27-alpha.1"
+    "@onekeyfe/hd-core": "^1.0.28",
+    "@onekeyfe/hd-shared": "^1.0.28",
+    "@onekeyfe/hd-transport-http": "^1.0.28",
+    "@onekeyfe/hd-transport-webusb": "^1.0.28"
   },
   "devDependencies": {
     "@babel/plugin-proposal-optional-chaining": "^7.17.12",
diff --git a/packages/shared/package.json b/packages/shared/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/hd-shared",
-  "version": "1.0.27-alpha.1",
+  "version": "1.0.28",
   "description": "Hardware SDK's shared tool library",
   "keywords": [
     "Hardware-SDK",
diff --git a/yarn.lock b/yarn.lock
@@ -17802,6 +17802,11 @@ scrypt-js@3.0.1:
   resolved "https://registry.yarnpkg.com/scrypt-js/-/scrypt-js-3.0.1.tgz#d314a57c2aef69d1ad98a138a21fe9eafa9ee312"
   integrity sha512-cdwTTnqPu0Hyvf5in5asVdZocVDTNRmR7XEcJuIzMjJeSHybHl7vpB66AzwTaIg6CLSbtjcxc8fqcySfnTkccA==
 
+secure-json-parse@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/secure-json-parse/-/secure-json-parse-4.0.0.tgz#2ee1b7581be38ab348bab5a3e49280ba80a89c85"
+  integrity sha512-dxtLJO6sc35jWidmLxo7ij+Eg48PM/kleBsxpC8QJE0qJICe+KawkDQmvCMZUr9u7WKVHgMW6vy3fQ7zMiFZMA==
+
 secure-ls@1.2.6:
   version "1.2.6"
   resolved "https://registry.yarnpkg.com/secure-ls/-/secure-ls-1.2.6.tgz#0c54a4c7fa8317c3c101accbf6bb38d8d2072e46"
@@ -18429,7 +18434,7 @@ string-range@~1.2, string-range@~1.2.1:
   resolved "https://registry.yarnpkg.com/string-range/-/string-range-1.2.2.tgz#a893ed347e72299bc83befbbf2a692a8d239d5dd"
   integrity sha512-tYft6IFi8SjplJpxCUxyqisD3b+R2CSkomrtJYCkvuf1KuCAWgz7YXt4O0jip7efpfCemwHEzTEAO8EuOYgh3w==
 
-"string-width-cjs@npm:string-width@^4.2.0":
+"string-width-cjs@npm:string-width@^4.2.0", "string-width@^1.0.2 || 2 || 3 || 4", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
   version "4.2.3"
   resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
   integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
@@ -18447,15 +18452,6 @@ string-width@^1.0.1:
     is-fullwidth-code-point "^1.0.0"
     strip-ansi "^3.0.0"
 
-"string-width@^1.0.2 || 2 || 3 || 4", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
-  version "4.2.3"
-  resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
-  integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
-  dependencies:
-    emoji-regex "^8.0.0"
-    is-fullwidth-code-point "^3.0.0"
-    strip-ansi "^6.0.1"
-
 string-width@^5.0.1, string-width@^5.1.2:
   version "5.1.2"
   resolved "https://registry.yarnpkg.com/string-width/-/string-width-5.1.2.tgz#14f8daec6d81e7221d2a357e668cab73bdbca794"
@@ -18535,7 +18531,7 @@ string_decoder@~1.1.1:
   dependencies:
     safe-buffer "~5.1.0"
 
-"strip-ansi-cjs@npm:strip-ansi@^6.0.1":
+"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1:
   version "6.0.1"
   resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
   integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
@@ -18556,13 +18552,6 @@ strip-ansi@^5.0.0, strip-ansi@^5.2.0:
   dependencies:
     ansi-regex "^4.1.0"
 
-strip-ansi@^6.0.0, strip-ansi@^6.0.1:
-  version "6.0.1"
-  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
-  integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
-  dependencies:
-    ansi-regex "^5.0.1"
-
 strip-ansi@^7.0.1, strip-ansi@^7.1.0:
   version "7.1.0"
   resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-7.1.0.tgz#d5b6568ca689d8561370b0707685d22434faff45"
@@ -20063,7 +20052,7 @@ wordwrap@^1.0.0:
   resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb"
   integrity sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=
 
-"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0":
+"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0:
   version "7.0.0"
   resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
   integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
@@ -20081,15 +20070,6 @@ wrap-ansi@^6.2.0:
     string-width "^4.1.0"
     strip-ansi "^6.0.0"
 
-wrap-ansi@^7.0.0:
-  version "7.0.0"
-  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
-  integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
-  dependencies:
-    ansi-styles "^4.0.0"
-    string-width "^4.1.0"
-    strip-ansi "^6.0.0"
-
 wrap-ansi@^8.1.0:
   version "8.1.0"
   resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214"

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@onekeyfe/hd-ble-sdk",`
`3`		`- "version": "1.0.27-alpha.1",`
	`3`	`+ "version": "1.0.28",`
`4`	`4`	`"author": "OneKey",`
`5`	`5`	`"homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",`
`6`	`6`	`"license": "ISC",`
`@@ -20,8 +20,8 @@`
`20`	`20`	`"lint:fix": "eslint . --fix"`
`21`	`21`	`},`
`22`	`22`	`"dependencies": {`
`23`		`- "@onekeyfe/hd-core": "^1.0.27-alpha.1",`
`24`		`- "@onekeyfe/hd-shared": "^1.0.27-alpha.1",`
`25`		`- "@onekeyfe/hd-transport-react-native": "^1.0.27-alpha.1"`
	`23`	`+ "@onekeyfe/hd-core": "^1.0.28",`
	`24`	`+ "@onekeyfe/hd-shared": "^1.0.28",`
	`25`	`+ "@onekeyfe/hd-transport-react-native": "^1.0.28"`
`26`	`26`	`}`
`27`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -81,9 +81,11 @@ export default class HttpTransport {`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`_acquireMixed(input: AcquireInput) {`
`84`		`- const previousStr = input.previous == null ? 'null' : input.previous;`
	`84`	`+ const previousStr = input.previous == null ? 'null' : encodeURIComponent(input.previous);`
	`85`	`+ // @ts-expect-error`
`85`	`86`	`// eslint-disable-next-line @typescript-eslint/restrict-template-expressions`
`86`		- const url = `/acquire/${input.path}/${previousStr}`;
	`87`	`+ const path = encodeURIComponent(input.path);`
	`88`	+ const url = `/acquire/${path}/${previousStr}`;
`87`	`89`	`return this._post({ url });`
`88`	`90`	`}`
`89`	`91`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@onekeyfe/hd-transport-lowlevel",`
`3`		`- "version": "1.0.27-alpha.1",`
	`3`	`+ "version": "1.0.28",`
`4`	`4`	`"homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",`
`5`	`5`	`"license": "MIT",`
`6`	`6`	`"main": "dist/index.js",`
`@@ -19,7 +19,7 @@`
`19`	`19`	`"lint:fix": "eslint . --fix"`
`20`	`20`	`},`
`21`	`21`	`"dependencies": {`
`22`		`- "@onekeyfe/hd-shared": "^1.0.27-alpha.1",`
`23`		`- "@onekeyfe/hd-transport": "^1.0.27-alpha.1"`
	`22`	`+ "@onekeyfe/hd-shared": "^1.0.28",`
	`23`	`+ "@onekeyfe/hd-transport": "^1.0.28"`
`24`	`24`	`}`
`25`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@onekeyfe/hd-transport",`
`3`		`- "version": "1.0.27-alpha.1",`
	`3`	`+ "version": "1.0.28",`
`4`	`4`	`"description": "> TODO: description",`
`5`	`5`	`"author": "OneKey",`
`6`	`6`	`"homepage": "https://github.com/OneKeyHQ/hardware-js-sdk#readme",`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@onekeyfe/hd-shared",`
`3`		`- "version": "1.0.27-alpha.1",`
	`3`	`+ "version": "1.0.28",`
`4`	`4`	`"description": "Hardware SDK's shared tool library",`
`5`	`5`	`"keywords": [`
`6`	`6`	`"Hardware-SDK",`