-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
url: validate pathToFileURL(path)
argument as string
#49161
url: validate pathToFileURL(path)
argument as string
#49161
Conversation
Review requested:
|
lib/internal/url.js
Outdated
@@ -1443,6 +1444,8 @@ function encodePathChars(filepath) { | |||
} | |||
|
|||
function pathToFileURL(filepath) { | |||
validateString(filepath, 'path'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an extremely hot path, hence my comment:
We already validate this for !(isWindows && StringPrototypeStartsWith(filepath, '\\\\'))
case (path.resolve handles the validation). Can you make sure this only runs when the OS is windows? No need to run it twice for non-windows environments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This check also fixes The "paths[0]" argument must be of type string.
error message that kinda implies that this method may take more than one argument.
I guess we can keep the internal/url
version as is (so it won't affect performance in core), but instead of re-exporting it directly in url
make a thin wrapper that validates input, wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That sounds good to me.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
PR-URL: nodejs#49161 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
c940437
to
57e78bc
Compare
Landed in 57e78bc |
PR-URL: #49161 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs#49161 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: #49161 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs/node#49161 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: nodejs/node#49161 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Since
url.pathToFileURL()
is exposed as a part of public API, it should validate input value.Before this change, non-strings were rejected in
path.resolve()
with confusingThe "paths[0]" argument must be of type string.
message.On Windows, input was directly passed into
StringPrototypeStartsWith()
, causing either confusing errors or implicit coercion to string.