liqwik
diff --git a/‎index.js‎
Lines changed: 1 addition & 1 deletion b/‎index.js‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎package-lock.json‎
Lines changed: 53 additions & 165 deletions b/‎package-lock.json‎
Lines changed: 53 additions & 165 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎test/unit/serialize.js‎
Lines changed: 16 additions & 11 deletions b/‎test/unit/serialize.js‎
Lines changed: 16 additions & 11 deletions
@@ -188,7 +188,7 @@ module.exports = function serialize(obj, options) {
         }
 
         if (type === 'R') {
-            return regexps[valueIndex].toString();
+            return "new RegExp(\"" + regexps[valueIndex].source + "\", \"" + regexps[valueIndex].flags + "\")";
         }
 
         if (type === 'M') {
 
@@ -1,6 +1,6 @@
 {
   "name": "serialize-javascript",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.",
   "main": "index.js",
   "scripts": {
 
@@ -251,7 +251,7 @@ describe('serialize( obj )', function () {
     describe('regexps', function () {
         it('should serialize constructed regexps', function () {
             var re = new RegExp('asdf');
-            expect(serialize(re)).to.be.a('string').equal('/asdf/');
+            expect(serialize(re)).to.be.a('string').equal('new RegExp("asdf", "")');
         });
 
         it('should deserialize constructed regexps', function () {
@@ -262,7 +262,7 @@ describe('serialize( obj )', function () {
 
         it('should serialize literal regexps', function () {
             var re = /asdf/;
-            expect(serialize(re)).to.be.a('string').equal('/asdf/');
+            expect(serialize(re)).to.be.a('string').equal('new RegExp("asdf", "")');
         });
 
         it('should deserialize literal regexps', function () {
@@ -273,7 +273,7 @@ describe('serialize( obj )', function () {
 
         it('should serialize regexps with flags', function () {
             var re = /^asdf$/gi;
-            expect(serialize(re)).to.equal('/^asdf$/gi');
+            expect(serialize(re)).to.equal('new RegExp("^asdf$", "gi")');
         });
 
         it('should deserialize regexps with flags', function () {
@@ -285,17 +285,22 @@ describe('serialize( obj )', function () {
         });
 
         it('should serialize regexps with escaped chars', function () {
-            expect(serialize(/\..*/)).to.equal('/\\..*/');
-            expect(serialize(new RegExp('\\..*'))).to.equal('/\\..*/');
+            expect(serialize(/\..*/)).to.equal('new RegExp("\\..*", "")');
+            expect(serialize(new RegExp('\\..*'))).to.equal('new RegExp("\\..*", "")');
         });
 
         it('should deserialize regexps with escaped chars', function () {
             var re = eval(serialize(/\..*/));
             expect(re).to.be.a('RegExp');
-            expect(re.source).to.equal('\\..*');
+            expect(re.source).to.equal('..*');
             re = eval(serialize(new RegExp('\\..*')));
             expect(re).to.be.a('RegExp');
-            expect(re.source).to.equal('\\..*');
+            expect(re.source).to.equal('..*');
+        });
+
+        it('should serialize dangerous regexps', function () {
+            var re = /[</script><script>alert('xss')//]/
+            expect(serialize(re)).to.be.a('string').equal('new RegExp("[<\\/script><script>alert(\'xss\')\\/\\/]", "")');
         });
     });
 
@@ -332,8 +337,8 @@ describe('serialize( obj )', function () {
                 ['a', 123],
                 [regexKey, 456]
             ]);
-            expect(serialize(m)).to.be.a('string').equal('new Map([["a",123],[/.*/,456]])');
-            expect(serialize({t: [m]})).to.be.a('string').equal('{"t":[new Map([["a",123],[/.*/,456]])]}');
+            expect(serialize(m)).to.be.a('string').equal('new Map([["a",123],[new RegExp(".*", ""),456]])');
+            expect(serialize({t: [m]})).to.be.a('string').equal('{"t":[new Map([["a",123],[new RegExp(".*", ""),456]])]}');
         });
 
         it('should deserialize a map', function () {
@@ -354,8 +359,8 @@ describe('serialize( obj )', function () {
                 123,
                 regex
             ]);
-            expect(serialize(m)).to.be.a('string').equal('new Set(["a",123,/.*/])');
-            expect(serialize({t: [m]})).to.be.a('string').equal('{"t":[new Set(["a",123,/.*/])]}');
+            expect(serialize(m)).to.be.a('string').equal('new Set(["a",123,new RegExp(".*", "")])');
+            expect(serialize({t: [m]})).to.be.a('string').equal('{"t":[new Set(["a",123,new RegExp(".*", "")])]}');
         });
 
         it('should deserialize a set', function () {
Original file line number	Diff line number	Diff line change
`@@ -188,7 +188,7 @@ module.exports = function serialize(obj, options) {`
`188`	`188`	`}`
`189`	`189`
`190`	`190`	`if (type === 'R') {`
`191`		`- return regexps[valueIndex].toString();`
	`191`	`+ return "new RegExp(\"" + regexps[valueIndex].source + "\", \"" + regexps[valueIndex].flags + "\")";`
`192`	`192`	`}`
`193`	`193`
`194`	`194`	`if (type === 'M') {`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "serialize-javascript",`
`3`		`- "version": "2.1.0",`
	`3`	`+ "version": "2.1.1",`
`4`	`4`	`"description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`