Skip to content

Commit

Permalink
[fix] Sanitize only special URLs (#209)
Browse files Browse the repository at this point in the history
  • Loading branch information
lpinca authored Jul 25, 2021
1 parent fb128af commit 2d9ac2c
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 6 deletions.
13 changes: 8 additions & 5 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,8 @@ function trimLeft(str) {
var rules = [
['#', 'hash'], // Extract from the back.
['?', 'query'], // Extract from the back.
function sanitize(address) { // Sanitize what is left of the address
return address.replace(/\\/g, '/');
function sanitize(address, url) { // Sanitize what is left of the address
return isSpecial(url.protocol) ? address.replace(/\\/g, '/') : address;
},
['/', 'pathname'], // Extract from the back.
['@', 'auth', 1], // Extract from the front.
Expand Down Expand Up @@ -170,7 +170,7 @@ function extractProtocol(address, location) {
if (forwardSlashes) {
rest = rest.slice(2);
}
} else if (slashesCount >= 2 && location.hostname) {
} else if (slashesCount >= 2 && isSpecial(location.protocol)) {
rest = match[4];
}

Expand Down Expand Up @@ -280,7 +280,10 @@ function Url(address, location, parser) {
//
if (
url.protocol === 'file:' ||
(extracted.slashesCount < 2 && !isSpecial(extracted.protocol))
(!extracted.slashes &&
(extracted.protocol ||
extracted.slashesCount < 2 ||
!isSpecial(url.protocol)))
) {
instructions[3] = [/(.*)/, 'pathname'];
}
Expand All @@ -289,7 +292,7 @@ function Url(address, location, parser) {
instruction = instructions[i];

if (typeof instruction === 'function') {
address = instruction(address);
address = instruction(address, url);
continue;
}

Expand Down
30 changes: 29 additions & 1 deletion test/test.js
Original file line number Diff line number Diff line change
Expand Up @@ -358,20 +358,48 @@ describe('url-parse', function () {
assume(parsed.href).equals('foo:/example.com');
assume(parsed.slashes).is.false();

url = 'foo:\\example.com';
parsed = parse(url);
assume(parsed.hostname).equals('');
assume(parsed.pathname).equals('\\example.com');
assume(parsed.href).equals('foo:\\example.com');
assume(parsed.slashes).is.false();

url = 'foo://example.com';
parsed = parse(url);
assume(parsed.hostname).equals('example.com');
assume(parsed.pathname).equals('');
assume(parsed.href).equals('foo://example.com');
assume(parsed.slashes).is.true();

url = 'foo:\\\\example.com';
parsed = parse(url);
assume(parsed.hostname).equals('');
assume(parsed.pathname).equals('\\\\example.com');
assume(parsed.href).equals('foo:\\\\example.com');
assume(parsed.slashes).is.false();

url = 'foo:///example.com';
parsed = parse(url);
assume(parsed.hostname).equals('');
assume(parsed.pathname).equals('/example.com');
assume(parsed.href).equals('foo:///example.com');
assume(parsed.slashes).is.true();
})

url = 'foo:\\\\\\example.com';
parsed = parse(url);
assume(parsed.hostname).equals('');
assume(parsed.pathname).equals('\\\\\\example.com');
assume(parsed.href).equals('foo:\\\\\\example.com');
assume(parsed.slashes).is.false();

url = '\\\\example.com/foo/bar';
parsed = parse(url, 'foo://bar.com');
assume(parsed.hostname).equals('bar.com');
assume(parsed.pathname).equals('/\\\\example.com/foo/bar');
assume(parsed.href).equals('foo://bar.com/\\\\example.com/foo/bar');
assume(parsed.slashes).is.true();
});

describe('origin', function () {
it('generates an origin property', function () {
Expand Down

0 comments on commit 2d9ac2c

Please sign in to comment.