Check indexOf result before splicing to prevent removing wrong element
when clearDelayList() runs between timeout registration and execution.
If indexOf returns -1 (id already removed), splice(-1, 1) would incorrectly
remove the last element. Now we skip the splice if id is not found.
Fixes: Dennis-SEG/node-red#3
Added try-catch blocks and null checks to event handlers in core nodes
to prevent uncaught exceptions from crashing the Node-RED runtime.
Changes per node:
**TCP (31-tcpin.js)**
- Wrapped all `on('data')` handlers in try-catch (TcpIn client/server, TcpGet)
**UDP (32-udp.js)**
- Wrapped `on('message')` handler in try-catch
**Exec (90-exec.js)**
- Wrapped stdout/stderr `on('data')` handlers in try-catch
**WebSocket (22-websocket.js)**
- Wrapped send() loop in handleEvent() with try-catch
**MQTT (10-mqtt.js)**
- Added null check for packet parameter in subscriptionHandler()
- Wrapped subscription handler callback in try-catch
- Added null check for mpacket.properties
Without these protections, malformed data or unexpected errors in async
event handlers could cause uncaught exceptions that crash the entire
Node-RED process.
This PR fixes several issues that can cause uncaught exceptions and crash Node-RED:
1. Fixed typo: `toLowercase()` -> `toLowerCase()` in getHeaderValue()
2. Added try-catch to beforeRequest hook
3. Added try-catch to beforeRedirect hook
4. Added try-catch to afterResponse hook (digest auth)
5. Added input validation to extractCookies() with array check
6. Added input validation to buildDigestHeader() for nonce/realm
These changes ensure that malformed responses or invalid data from servers
don't crash the entire Node-RED runtime.
Fixes: Uncaught exceptions in HTTP request node
fixes#5251
The code changed from 4.0.x to 4.1.x
This change to to prevent making changes to the orginial input `msg`
object incase any values were stored in context (pass by refernce).
The change meant that for every output message the whole original
input `msg` was being cloned, which could be huge, causing a big
performance regresion.
This fix ensures the clone of the orginial `msg` is only done once
and the much smaller output message is then cloned again to update
`msg.parts` object for each output. This results in lots of small
clones rather than lots of very large clones.
The inject node was using a restrictive regex that only accepted decimal
numbers, while the switch node properly supported binary (0b) and
hexadecimal (0x) formats. This inconsistency caused the inject node to
show validation errors for valid number formats.
Updated the inject node to use the same validateTypedProperty utility
function as the switch node, ensuring consistent number validation
across both nodes.
Fixes#5208
fixes#5171
If `msg.rejectUnauthorized` is a string allow "true", "false"
(and upper case versions) otherwise show a warning and use default
behaviour.
Boolean values used as is, any other types also ignored.
Steve-Mcl
Nick O'Leary
Dennis-SEG
Dave Conway-Jones
Kazuhito Yokoi
Ben Hardill
Ben Hardill
Debadutta Panda
ZJ van de Weg
GogoVega