Skip to content

fix: deterministic time parsing #751

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

fix: deterministic time parsing #751

wants to merge 4 commits into from

Conversation

@notJoon
Copy link
Member

@notJoon notJoon commented Sep 10, 2025
edited
Loading

Description

This PR make time parsing deterministic and explicitly validated. This will make accept only unambiguous formats, reject ambigous and engine-dependent strings and guard against accidnetal coercions from non-string inputs.

Date objects are always tricky to handle. It wouldn't be a big problem if we weren't receiving user input directly like we are now, but we'll never know what might happen later. (ref: https://jsdate.wtf/)

For example, the previous function implicitly trusted those strings and delegated parsing to the JS engine. That means:

  • Engine/local/timezone dependencies for non-ISO formats and date-only strings
  • Slient normalization (e.g., dates like 2023-02-29 rolling over to March 1)
    ...

Changes

Parsing Policy (normalized)

  • Accepted inputs

    • ISO/RFC3339 datetimes with Z or explicit offset (±HH:MM)
    • Date-only (YYYY-MM-DD) -> interpreted as UTC midnight via Date.UTC to avoiding timezone drift
    • Numeric strings
      • Seconds if length is less than equal to 10
      • Otherwise, milliseconds
    • Date instance: getTime() (already UTC epoch ms)
    • number: epoch ms if finite and within representable range

  • Rejected inputs

    • Ambiguous local datetime strings (e.g., "2024-01-15T10:30:00" with no Z/offset)
    • Non-string exotic types (boolean, function, symbol, bigint), arrays, and plain objects (blocked before any coercion)
    • Invalid calendar values (e.g., non-leap 2023-02-29)

@vercel
Copy link

vercel bot commented Sep 10, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
gnoswap-interface Ready Ready Preview Comment Sep 10, 2025 3:50am

@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 10, 2025

Quality Gate Passed Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
5.6% Duplication on New Code

See analysis details on SonarQube Cloud

@notJoon notJoon marked this pull request as ready for review September 10, 2025 04:04
@notJoon notJoon requested a review from tfrg September 10, 2025 04:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tfrg tfrg Awaiting requested review from tfrg

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@notJoon