url: forbid lt and gt in url host code point

As per the recent changes in whatwg/url spec. lt and gt are also added in the list of forbidden hostCodePoint list. PR-URL: nodejs#33328 Refs: whatwg/url#459 Refs: nodejs#33315 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
BridgeAR · May 23, 2020 · 9be51ee · 9be51ee
1 parent 32b641e
commit 9be51ee
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 16 deletions.
diff --git a/src/node_url.cc b/src/node_url.cc
@@ -206,7 +206,8 @@ CHAR_TEST(8, IsForbiddenHostCodePoint,
           ch == '\0' || ch == '\t' || ch == '\n' || ch == '\r' ||
           ch == ' ' || ch == '#' || ch == '%' || ch == '/' ||
           ch == ':' || ch == '?' || ch == '@' || ch == '[' ||
-          ch == '\\' || ch == ']')
+          ch == '<' || ch == '>' || ch == '\\' || ch == ']' ||
+          ch == '^')
 
 // https://url.spec.whatwg.org/#windows-drive-letter
 TWO_CHAR_STRING_TEST(8, IsWindowsDriveLetter,

diff --git a/test/fixtures/wpt/url/resources/urltestdata.json b/test/fixtures/wpt/url/resources/urltestdata.json
@@ -4481,21 +4481,6 @@
     "search": "",
     "hash": ""
   },
-  {
-    "input": "sc://\u001F!\"$&'()*+,-.;<=>^_`{|}~/",
-    "base": "about:blank",
-    "href": "sc://%1F!\"$&'()*+,-.;<=>^_`{|}~/",
-    "origin": "null",
-    "protocol": "sc:",
-    "username": "",
-    "password": "",
-    "host": "%1F!\"$&'()*+,-.;<=>^_`{|}~",
-    "hostname": "%1F!\"$&'()*+,-.;<=>^_`{|}~",
-    "port": "",
-    "pathname": "/",
-    "search": "",
-    "hash": ""
-  },
   {
     "input": "sc://\u0000/",
     "base": "about:blank",
@@ -4649,6 +4634,68 @@
     "search": "",
     "hash": ""
   },
+  "Forbidden host code points",
+  {
+    "input": "http://a<b",
+    "base": "about:blank",
+    "failure": true
+  },
+  {
+    "input": "http://a>b",
+    "base": "about:blank",
+    "failure": true
+  },
+  {
+    "input": "http://a^b",
+    "base": "about:blank",
+    "failure": true
+  },
+  {
+    "input": "non-special://a<b",
+    "base": "about:blank",
+    "failure": true
+  },
+  {
+    "input": "non-special://a>b",
+    "base": "about:blank",
+    "failure": true
+  },
+  {
+    "input": "non-special://a^b",
+    "base": "about:blank",
+    "failure": true
+  },
+  "Allowed host code points",
+  {
+    "input": "http://\u001F!\"$&'()*+,-.;=_`{|}~/",
+    "base": "about:blank",
+    "href": "http://\u001F!\"$&'()*+,-.;=_`{|}~/",
+    "origin": "http://\u001F!\"$&'()*+,-.;=_`{|}~",
+    "protocol": "http:",
+    "username": "",
+    "password": "",
+    "host": "\u001F!\"$&'()*+,-.;=_`{|}~",
+    "hostname": "\u001F!\"$&'()*+,-.;=_`{|}~",
+    "port": "",
+    "pathname": "/",
+    "search": "",
+    "hash": ""
+  },
+  {
+    "input": "sc://\u001F!\"$&'()*+,-.;=_`{|}~/",
+    "base": "about:blank",
+    "href": "sc://%1F!\"$&'()*+,-.;=_`{|}~/",
+    "origin": "null",
+    "protocol": "sc:",
+    "username": "",
+    "password": "",
+    "host": "%1F!\"$&'()*+,-.;=_`{|}~",
+    "hostname": "%1F!\"$&'()*+,-.;=_`{|}~",
+    "port": "",
+    "pathname": "/",
+    "search": "",
+    "hash": ""
+  },
   "# Hosts and percent-encoding",
   {
     "input": "ftp://example.com%80/",