From 94cd600542d7af9792db63d4643ac4b0adec7e4c Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Sun, 30 Nov 2025 22:45:27 +0100
Subject: [PATCH 1/3] crypto: fix DOMException name for non-extractable key
 error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR-URL: https://github.com/nodejs/node/pull/60830
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: LiviaMedeiros <livia@cirno.name>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
---
 lib/internal/crypto/webcrypto.js               |  2 +-
 .../test-webcrypto-export-import-cfrg.js       | 12 ++++++++----
 .../test-webcrypto-export-import-ec.js         | 12 ++++++++----
 .../test-webcrypto-export-import-ml-dsa.js     | 18 ++++++++++++------
 .../test-webcrypto-export-import-ml-kem.js     | 12 ++++++++----
 .../test-webcrypto-export-import-rsa.js        | 12 ++++++++----
 6 files changed, 45 insertions(+), 23 deletions(-)

diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js
index 0fba4e9108c329..2333919e06a2fe 100644
--- a/lib/internal/crypto/webcrypto.js
+++ b/lib/internal/crypto/webcrypto.js
@@ -676,7 +676,7 @@ async function exportKey(format, key) {
   }
 
   if (!key[kExtractable])
-    throw lazyDOMException('key is not extractable', 'InvalidAccessException');
+    throw lazyDOMException('key is not extractable', 'InvalidAccessError');
 
   let result;
   switch (format) {
diff --git a/test/parallel/test-webcrypto-export-import-cfrg.js b/test/parallel/test-webcrypto-export-import-cfrg.js
index ae203e1005de0a..9cfc6e9e4ecf5a 100644
--- a/test/parallel/test-webcrypto-export-import-cfrg.js
+++ b/test/parallel/test-webcrypto-export-import-cfrg.js
@@ -134,7 +134,8 @@ async function testImportSpki({ name, publicUsages }, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('spki', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -172,7 +173,8 @@ async function testImportPkcs8({ name, privateUsages }, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('pkcs8', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -303,11 +305,13 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)
   } else {
     await assert.rejects(
       subtle.exportKey('jwk', publicKey), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
     await assert.rejects(
       subtle.exportKey('jwk', privateKey), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
diff --git a/test/parallel/test-webcrypto-export-import-ec.js b/test/parallel/test-webcrypto-export-import-ec.js
index 46a7e9153f2668..a2e9df73bc2926 100644
--- a/test/parallel/test-webcrypto-export-import-ec.js
+++ b/test/parallel/test-webcrypto-export-import-ec.js
@@ -123,7 +123,8 @@ async function testImportSpki({ name, publicUsages }, namedCurve, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('spki', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -165,7 +166,8 @@ async function testImportPkcs8(
   } else {
     await assert.rejects(
       subtle.exportKey('pkcs8', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -270,11 +272,13 @@ async function testImportJwk(
   } else {
     await assert.rejects(
       subtle.exportKey('jwk', publicKey), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
     await assert.rejects(
       subtle.exportKey('jwk', privateKey), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
diff --git a/test/parallel/test-webcrypto-export-import-ml-dsa.js b/test/parallel/test-webcrypto-export-import-ml-dsa.js
index 38d619eb8c00ec..5b1bafbd461999 100644
--- a/test/parallel/test-webcrypto-export-import-ml-dsa.js
+++ b/test/parallel/test-webcrypto-export-import-ml-dsa.js
@@ -106,7 +106,8 @@ async function testImportSpki({ name, publicUsages }, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('spki', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -144,7 +145,8 @@ async function testImportPkcs8({ name, privateUsages }, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('pkcs8', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -181,7 +183,8 @@ async function testImportPkcs8SeedOnly({ name, privateUsages }, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('pkcs8', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -219,7 +222,8 @@ async function testImportPkcs8PrivOnly({ name, privateUsages }, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('pkcs8', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -299,11 +303,13 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)
   } else {
     await assert.rejects(
       subtle.exportKey('jwk', publicKey), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
     await assert.rejects(
       subtle.exportKey('jwk', privateKey), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
diff --git a/test/parallel/test-webcrypto-export-import-ml-kem.js b/test/parallel/test-webcrypto-export-import-ml-kem.js
index c927b5571a69da..887875a2a8b580 100644
--- a/test/parallel/test-webcrypto-export-import-ml-kem.js
+++ b/test/parallel/test-webcrypto-export-import-ml-kem.js
@@ -89,7 +89,8 @@ async function testImportSpki({ name, publicUsages }, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('spki', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -127,7 +128,8 @@ async function testImportPkcs8({ name, privateUsages }, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('pkcs8', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -164,7 +166,8 @@ async function testImportPkcs8SeedOnly({ name, privateUsages }, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('pkcs8', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -202,7 +205,8 @@ async function testImportPkcs8PrivOnly({ name, privateUsages }, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('pkcs8', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
diff --git a/test/parallel/test-webcrypto-export-import-rsa.js b/test/parallel/test-webcrypto-export-import-rsa.js
index d3af8ec6c3adb9..e542365f52ded5 100644
--- a/test/parallel/test-webcrypto-export-import-rsa.js
+++ b/test/parallel/test-webcrypto-export-import-rsa.js
@@ -336,7 +336,8 @@ async function testImportSpki({ name, publicUsages }, size, hash, extractable) {
   } else {
     await assert.rejects(
       subtle.exportKey('spki', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 }
@@ -372,7 +373,8 @@ async function testImportPkcs8(
   } else {
     await assert.rejects(
       subtle.exportKey('pkcs8', key), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 
@@ -479,11 +481,13 @@ async function testImportJwk(
   } else {
     await assert.rejects(
       subtle.exportKey('jwk', publicKey), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
     await assert.rejects(
       subtle.exportKey('jwk', privateKey), {
-        message: /key is not extractable/
+        message: /key is not extractable/,
+        name: 'InvalidAccessError',
       });
   }
 

From 6f7f51b8f104dcebb96ac407b489719cc51e124a Mon Sep 17 00:00:00 2001
From: Rafael Gonzaga <rafael.nunu@hotmail.com>
Date: Sun, 30 Nov 2025 19:02:12 -0300
Subject: [PATCH 2/3] doc: clarify fileURLToPath security considerations

Add clarification that fileURLToPath() decodes encoded
dot-segments (%2e%2e) which are normalized as path traversal.
Applications must perform their own path validation to
prevent directory traversal attacks.

Also applies to fileURLToPathBuffer().

PR-URL: https://github.com/nodejs/node/pull/60887
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
---
 doc/api/url.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/doc/api/url.md b/doc/api/url.md
index 7148a3a33e1975..29dd74479bd2ad 100644
--- a/doc/api/url.md
+++ b/doc/api/url.md
@@ -1329,6 +1329,19 @@ changes:
 This function ensures the correct decodings of percent-encoded characters as
 well as ensuring a cross-platform valid absolute path string.
 
+**Security Considerations:**
+
+This function decodes percent-encoded characters, including encoded dot-segments
+(`%2e` as `.` and `%2e%2e` as `..`), and then normalizes the resulting path.
+This means that encoded directory traversal sequences (such as `%2e%2e`) are
+decoded and processed as actual path traversal, even though encoded slashes
+(`%2F`, `%5C`) are correctly rejected.
+
+**Applications must not rely on `fileURLToPath()` alone to prevent directory
+traversal attacks.** Always perform explicit path validation and security checks
+on the returned path value to ensure it remains within expected boundaries
+before using it for file system operations.
+
 ```mjs
 import { fileURLToPath } from 'node:url';
 
@@ -1384,6 +1397,15 @@ representation of the path, a `Buffer` is returned. This conversion is
 helpful when the input URL contains percent-encoded segments that are
 not valid UTF-8 / Unicode sequences.
 
+**Security Considerations:**
+
+This function has the same security considerations as [`url.fileURLToPath()`][].
+It decodes percent-encoded characters, including encoded dot-segments
+(`%2e` as `.` and `%2e%2e` as `..`), and normalizes the path. **Applications
+must not rely on this function alone to prevent directory traversal attacks.**
+Always perform explicit path validation on the returned buffer value before
+using it for file system operations.
+
 ### `url.format(URL[, options])`
 
 <!-- YAML
@@ -2014,6 +2036,7 @@ console.log(myURL.origin);
 [`querystring`]: querystring.md
 [`url.domainToASCII()`]: #urldomaintoasciidomain
 [`url.domainToUnicode()`]: #urldomaintounicodedomain
+[`url.fileURLToPath()`]: #urlfileurltopathurl-options
 [`url.format()`]: #urlformaturlobject
 [`url.href`]: #urlhref
 [`url.parse()`]: #urlparseurlstring-parsequerystring-slashesdenotehost

From b1e941e7b2590d3d7fed76a9de5e467fd04d6da3 Mon Sep 17 00:00:00 2001
From: Yagiz Nizipli <yagiz@nizipli.com>
Date: Sun, 30 Nov 2025 20:17:44 -0500
Subject: [PATCH 3/3] util: improve textencoder encodeInto performance

Co-authored-by: Erik Corry <ecorry@cloudflare.com>
Co-authored-by: Daniel Lemire <daniel@lemire.me>
PR-URL: https://github.com/nodejs/node/pull/60843
Reviewed-By: Daniel Lemire <daniel@lemire.me>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
---
 src/encoding_binding.cc | 209 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 201 insertions(+), 8 deletions(-)

diff --git a/src/encoding_binding.cc b/src/encoding_binding.cc
index 877ae8a18f6b8f..88d49d7fcd134d 100644
--- a/src/encoding_binding.cc
+++ b/src/encoding_binding.cc
@@ -6,8 +6,10 @@
 #include "node_external_reference.h"
 #include "simdutf.h"
 #include "string_bytes.h"
+#include "util.h"
 #include "v8.h"
 
+#include <algorithm>
 #include <cstdint>
 
 namespace node {
@@ -71,6 +73,113 @@ InternalFieldInfoBase* BindingData::Serialize(int index) {
   return info;
 }
 
+// The following code is adapted from Cloudflare workers.
+// Particularly from: https://github.com/cloudflare/workerd/pull/5448
+//
+// Copyright (c) 2017-2025 Cloudflare, Inc.
+// Licensed under the Apache 2.0 license found in the LICENSE file or at:
+//     https://opensource.org/licenses/Apache-2.0
+namespace {
+constexpr int MAX_SIZE_FOR_STACK_ALLOC = 4096;
+
+constexpr bool isSurrogatePair(uint16_t lead, uint16_t trail) {
+  return (lead & 0xfc00) == 0xd800 && (trail & 0xfc00) == 0xdc00;
+}
+
+constexpr size_t simpleUtfEncodingLength(uint16_t c) {
+  if (c < 0x80) return 1;
+  if (c < 0x400) return 2;
+  return 3;
+}
+
+// Finds the maximum number of input characters (UTF-16 or Latin1) that can be
+// encoded into a UTF-8 buffer of the given size.
+//
+// The challenge is that UTF-8 encoding expands characters by variable amounts:
+// - ASCII (< 0x80): 1 byte
+// - Code points < 0x800: 2 bytes
+// - Other BMP characters: 3 bytes
+// - Surrogate pairs (supplementary planes): 4 bytes total
+//
+// This function uses an adaptive chunking algorithm:
+// 1. Process the input in chunks, estimating how many characters will fit
+// 2. Calculate the actual UTF-8 length for each chunk using simdutf
+// 3. Adjust the expansion factor based on observed encoding ratios
+// 4. Fall back to character-by-character processing near the buffer boundary
+// 5. Handle UTF-16 surrogate pairs to avoid splitting them across boundaries
+//
+// The algorithm starts with a conservative expansion estimate (1.15x) and
+// dynamically adjusts based on actual character distribution, making it
+// efficient for common ASCII-heavy text while remaining correct for
+// multi-byte heavy content.
+template <typename Char>
+size_t findBestFit(const Char* data, size_t length, size_t bufferSize) {
+  size_t pos = 0;
+  size_t utf8Accumulated = 0;
+  constexpr size_t CHUNK = 257;
+  constexpr bool UTF16 = sizeof(Char) == 2;
+  constexpr size_t MAX_FACTOR = UTF16 ? 3 : 2;
+
+  double expansion = 1.15;
+
+  while (pos < length && utf8Accumulated < bufferSize) {
+    size_t remainingInput = length - pos;
+    size_t spaceRemaining = bufferSize - utf8Accumulated;
+    DCHECK_GE(expansion, 1.15);
+
+    size_t guaranteedToFit = spaceRemaining / MAX_FACTOR;
+    if (guaranteedToFit >= remainingInput) {
+      return length;
+    }
+    size_t likelyToFit =
+        std::min(static_cast<size_t>(spaceRemaining / expansion), CHUNK);
+    size_t fitEstimate =
+        std::max(size_t{1}, std::max(guaranteedToFit, likelyToFit));
+    size_t chunkSize = std::min(remainingInput, fitEstimate);
+    if (chunkSize == 1) break;
+    CHECK_GT(chunkSize, 1);
+
+    size_t chunkUtf8Len;
+    if constexpr (UTF16) {
+      // TODO(anonrig): Use utf8_length_from_utf16_with_replacement when
+      // available For now, validate and use utf8_length_from_utf16
+      size_t newPos = pos + chunkSize;
+      if (newPos < length && isSurrogatePair(data[newPos - 1], data[newPos]))
+        chunkSize--;
+      chunkUtf8Len = simdutf::utf8_length_from_utf16(data + pos, chunkSize);
+    } else {
+      chunkUtf8Len = simdutf::utf8_length_from_latin1(data + pos, chunkSize);
+    }
+
+    if (utf8Accumulated + chunkUtf8Len > bufferSize) {
+      DCHECK_GT(chunkSize, guaranteedToFit);
+      expansion = std::max(expansion * 1.1, (chunkUtf8Len * 1.1) / chunkSize);
+    } else {
+      expansion = std::max(1.15, (chunkUtf8Len * 1.1) / chunkSize);
+      pos += chunkSize;
+      utf8Accumulated += chunkUtf8Len;
+    }
+  }
+
+  while (pos < length && utf8Accumulated < bufferSize) {
+    size_t extra = simpleUtfEncodingLength(data[pos]);
+    if (utf8Accumulated + extra > bufferSize) break;
+    pos++;
+    utf8Accumulated += extra;
+  }
+
+  if (UTF16 && pos != 0 && pos != length &&
+      isSurrogatePair(data[pos - 1], data[pos])) {
+    if (utf8Accumulated < bufferSize) {
+      pos++;
+    } else {
+      pos--;
+    }
+  }
+  return pos;
+}
+}  // namespace
+
 void BindingData::Deserialize(Local<Context> context,
                               Local<Object> holder,
                               int index,
@@ -98,18 +207,102 @@ void BindingData::EncodeInto(const FunctionCallbackInfo<Value>& args) {
 
   Local<Uint8Array> dest = args[1].As<Uint8Array>();
   Local<ArrayBuffer> buf = dest->Buffer();
+
+  // Handle detached buffers - return {read: 0, written: 0}
+  if (buf->Data() == nullptr) {
+    binding_data->encode_into_results_buffer_[0] = 0;
+    binding_data->encode_into_results_buffer_[1] = 0;
+    return;
+  }
+
   char* write_result = static_cast<char*>(buf->Data()) + dest->ByteOffset();
   size_t dest_length = dest->ByteLength();
+  size_t read = 0;
+  size_t written = 0;
+
+  // For small strings (length <= 32), use the old V8 path for better
+  // performance
+  static constexpr int kSmallStringThreshold = 32;
+  if (source->Length() <= kSmallStringThreshold) {
+    written = source->WriteUtf8V2(isolate,
+                                  write_result,
+                                  dest_length,
+                                  String::WriteFlags::kReplaceInvalidUtf8,
+                                  &read);
+    binding_data->encode_into_results_buffer_[0] = static_cast<double>(read);
+    binding_data->encode_into_results_buffer_[1] = static_cast<double>(written);
+    return;
+  }
 
-  size_t nchars;
-  size_t written = source->WriteUtf8V2(isolate,
-                                       write_result,
-                                       dest_length,
-                                       String::WriteFlags::kReplaceInvalidUtf8,
-                                       &nchars);
+  v8::String::ValueView view(isolate, source);
+  size_t length_that_fits =
+      std::min(static_cast<size_t>(view.length()), dest_length);
+
+  if (view.is_one_byte()) {
+    auto data = reinterpret_cast<const char*>(view.data8());
+    simdutf::result result =
+        simdutf::validate_ascii_with_errors(data, length_that_fits);
+    written = read = result.count;
+    memcpy(write_result, data, read);
+    write_result += read;
+    data += read;
+    length_that_fits -= read;
+    dest_length -= read;
+    if (length_that_fits != 0 && dest_length != 0) {
+      if (size_t rest = findBestFit(data, length_that_fits, dest_length)) {
+        DCHECK_LE(simdutf::utf8_length_from_latin1(data, rest), dest_length);
+        written += simdutf::convert_latin1_to_utf8(data, rest, write_result);
+        read += rest;
+      }
+    }
+  } else {
+    auto data = reinterpret_cast<const char16_t*>(view.data16());
+
+    // Limit conversion to what could fit in destination, avoiding splitting
+    // a valid surrogate pair at the boundary, which could cause a spurious call
+    // of simdutf::to_well_formed_utf16()
+    if (length_that_fits > 0 && length_that_fits < view.length() &&
+        isSurrogatePair(data[length_that_fits - 1], data[length_that_fits])) {
+      length_that_fits--;
+    }
+
+    // Check if input has unpaired surrogates - if so, convert to well-formed
+    // first
+    simdutf::result validation_result =
+        simdutf::validate_utf16_with_errors(data, length_that_fits);
+
+    if (validation_result.error == simdutf::SUCCESS) {
+      // Valid UTF-16 - use the fast path
+      read = findBestFit(data, length_that_fits, dest_length);
+      if (read != 0) {
+        DCHECK_LE(simdutf::utf8_length_from_utf16(data, read), dest_length);
+        written = simdutf::convert_utf16_to_utf8(data, read, write_result);
+      }
+    } else {
+      // Invalid UTF-16 with unpaired surrogates - convert to well-formed first
+      // TODO(anonrig): Use utf8_length_from_utf16_with_replacement when
+      // available
+      MaybeStackBuffer<char16_t, MAX_SIZE_FOR_STACK_ALLOC> conversion_buffer(
+          length_that_fits);
+      simdutf::to_well_formed_utf16(
+          data, length_that_fits, conversion_buffer.out());
+
+      // Now use findBestFit with the well-formed data
+      read =
+          findBestFit(conversion_buffer.out(), length_that_fits, dest_length);
+      if (read != 0) {
+        DCHECK_LE(
+            simdutf::utf8_length_from_utf16(conversion_buffer.out(), read),
+            dest_length);
+        written = simdutf::convert_utf16_to_utf8(
+            conversion_buffer.out(), read, write_result);
+      }
+    }
+  }
+  DCHECK_LE(written, dest->ByteLength());
 
-  binding_data->encode_into_results_buffer_[0] = nchars;
-  binding_data->encode_into_results_buffer_[1] = written;
+  binding_data->encode_into_results_buffer_[0] = static_cast<double>(read);
+  binding_data->encode_into_results_buffer_[1] = static_cast<double>(written);
 }
 
 // Encode a single string to a UTF-8 Uint8Array (not Buffer).