| 1 |
|
| 2 |
|
| 3 | function safeEqual (a, b) {
|
| 4 | if (typeof a !== 'string' || typeof b !== 'string') {
|
| 5 | return a === b
|
| 6 | }
|
| 7 |
|
| 8 | var maxLength = Math.max(a.length, b.length)
|
| 9 |
|
| 10 | // xor strings for security
|
| 11 | var mismatch = 0
|
| 12 | for (var i = 0; i < maxLength; ++i) {
|
| 13 | mismatch |= (a.charCodeAt(i) ^ b.charCodeAt(i))
|
| 14 |
|
| 15 | // check after for perf, we don't want to
|
| 16 | // re-enter the loop if we have a failure.
|
| 17 | if (mismatch > 0) {
|
| 18 | break
|
| 19 | }
|
| 20 | }
|
| 21 |
|
| 22 | return !mismatch
|
| 23 | }
|
| 24 |
|
| 25 | module.exports = safeEqual
|