Skip to content

Commit

Permalink
url: forbid pipe in URL host
Browse files Browse the repository at this point in the history
Fixes: #37862

PR-URL: #37877
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
  • Loading branch information
RaisinTen authored and Trott committed Mar 30, 2021
1 parent c14284f commit 4197555
Show file tree
Hide file tree
Showing 5 changed files with 67 additions and 12 deletions.
2 changes: 1 addition & 1 deletion src/node_url.cc
Original file line number Diff line number Diff line change
Expand Up @@ -208,7 +208,7 @@ CHAR_TEST(8, IsForbiddenHostCodePoint,
ch == ' ' || ch == '#' || ch == '%' || ch == '/' ||
ch == ':' || ch == '?' || ch == '@' || ch == '[' ||
ch == '<' || ch == '>' || ch == '\\' || ch == ']' ||
ch == '^')
ch == '^' || ch == '|')

// https://url.spec.whatwg.org/#windows-drive-letter
TWO_CHAR_STRING_TEST(8, IsWindowsDriveLetter,
Expand Down
5 changes: 5 additions & 0 deletions test/cctest/test_url.cc
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,11 @@ TEST_F(URLTest, Simple2) {
EXPECT_EQ(simple.fragment(), "fragment");
}

TEST_F(URLTest, ForbiddenHostCodePoint) {
URL error("https://exa|mple.org:81/a/b/c?query#fragment");
EXPECT_TRUE(error.flags() & URL_FLAGS_FAILED);
}

TEST_F(URLTest, NoBase1) {
URL error("123noscheme");
EXPECT_TRUE(error.flags() & URL_FLAGS_FAILED);
Expand Down
2 changes: 1 addition & 1 deletion test/fixtures/wpt/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ Last update:
- html/webappapis/timers: https://github.com/web-platform-tests/wpt/tree/5873f2d8f1/html/webappapis/timers
- interfaces: https://github.com/web-platform-tests/wpt/tree/79fa4cf76e/interfaces
- resources: https://github.com/web-platform-tests/wpt/tree/972ca5b669/resources
- url: https://github.com/web-platform-tests/wpt/tree/33f2e3f2e7/url
- url: https://github.com/web-platform-tests/wpt/tree/5eebfdb1f6/url

[Web Platform Tests]: https://github.com/web-platform-tests/wpt
[`git node wpt`]: https://github.com/nodejs/node-core-utils/blob/master/docs/git-node.md#git-node-wpt
68 changes: 59 additions & 9 deletions test/fixtures/wpt/url/resources/urltestdata.json
Original file line number Diff line number Diff line change
Expand Up @@ -4682,30 +4682,30 @@
},
"Allowed host code points",
{
"input": "http://\u001F!\"$&'()*+,-.;=_`{|}~/",
"input": "http://\u001F!\"$&'()*+,-.;=_`{}~/",
"base": "about:blank",
"href": "http://\u001F!\"$&'()*+,-.;=_`{|}~/",
"origin": "http://\u001F!\"$&'()*+,-.;=_`{|}~",
"href": "http://\u001F!\"$&'()*+,-.;=_`{}~/",
"origin": "http://\u001F!\"$&'()*+,-.;=_`{}~",
"protocol": "http:",
"username": "",
"password": "",
"host": "\u001F!\"$&'()*+,-.;=_`{|}~",
"hostname": "\u001F!\"$&'()*+,-.;=_`{|}~",
"host": "\u001F!\"$&'()*+,-.;=_`{}~",
"hostname": "\u001F!\"$&'()*+,-.;=_`{}~",
"port": "",
"pathname": "/",
"search": "",
"hash": ""
},
{
"input": "sc://\u001F!\"$&'()*+,-.;=_`{|}~/",
"input": "sc://\u001F!\"$&'()*+,-.;=_`{}~/",
"base": "about:blank",
"href": "sc://%1F!\"$&'()*+,-.;=_`{|}~/",
"href": "sc://%1F!\"$&'()*+,-.;=_`{}~/",
"origin": "null",
"protocol": "sc:",
"username": "",
"password": "",
"host": "%1F!\"$&'()*+,-.;=_`{|}~",
"hostname": "%1F!\"$&'()*+,-.;=_`{|}~",
"host": "%1F!\"$&'()*+,-.;=_`{}~",
"hostname": "%1F!\"$&'()*+,-.;=_`{}~",
"port": "",
"pathname": "/",
"search": "",
Expand Down Expand Up @@ -5202,6 +5202,56 @@
"search": "",
"hash": ""
},
{
"input": "file://%43%3A",
"base": "about:blank",
"failure": true
},
{
"input": "file://%43%7C",
"base": "about:blank",
"failure": true
},
{
"input": "file://%43|",
"base": "about:blank",
"failure": true
},
{
"input": "file://C%7C",
"base": "about:blank",
"failure": true
},
{
"input": "file://%43%7C/",
"base": "about:blank",
"failure": true
},
{
"input": "https://%43%7C/",
"base": "about:blank",
"failure": true
},
{
"input": "asdf://%43|/",
"base": "about:blank",
"failure": true
},
{
"input": "asdf://%43%7C/",
"base": "about:blank",
"href": "asdf://%43%7C/",
"origin": "null",
"protocol": "asdf:",
"username": "",
"password": "",
"host": "%43%7C",
"hostname": "%43%7C",
"port": "",
"pathname": "/",
"search": "",
"hash": ""
},
"# file URLs relative to other file URLs (via https://github.com/jsdom/whatwg-url/pull/60)",
{
"input": "pix/submit.gif",
Expand Down
2 changes: 1 addition & 1 deletion test/fixtures/wpt/versions.json
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@
"path": "resources"
},
"url": {
"commit": "33f2e3f2e759bd51ebf8e4b9a01b067bc8281c5c",
"commit": "5eebfdb1f68059549b3efff380dd190bc6078266",
"path": "url"
}
}

0 comments on commit 4197555

Please sign in to comment.