From 2d9ac2c94067742b2116332c1e03be9f37371dff Mon Sep 17 00:00:00 2001 From: Luigi Pinca Date: Sun, 25 Jul 2021 14:36:29 +0200 Subject: [PATCH] [fix] Sanitize only special URLs (#209) Fixes https://github.com/unshiftio/url-parse/pull/208#discussion_r675788224. --- index.js | 13 ++++++++----- test/test.js | 30 +++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/index.js b/index.js index 8e31ae3..903fce2 100644 --- a/index.js +++ b/index.js @@ -32,8 +32,8 @@ function trimLeft(str) { var rules = [ ['#', 'hash'], // Extract from the back. ['?', 'query'], // Extract from the back. - function sanitize(address) { // Sanitize what is left of the address - return address.replace(/\\/g, '/'); + function sanitize(address, url) { // Sanitize what is left of the address + return isSpecial(url.protocol) ? address.replace(/\\/g, '/') : address; }, ['/', 'pathname'], // Extract from the back. ['@', 'auth', 1], // Extract from the front. @@ -170,7 +170,7 @@ function extractProtocol(address, location) { if (forwardSlashes) { rest = rest.slice(2); } - } else if (slashesCount >= 2 && location.hostname) { + } else if (slashesCount >= 2 && isSpecial(location.protocol)) { rest = match[4]; } @@ -280,7 +280,10 @@ function Url(address, location, parser) { // if ( url.protocol === 'file:' || - (extracted.slashesCount < 2 && !isSpecial(extracted.protocol)) + (!extracted.slashes && + (extracted.protocol || + extracted.slashesCount < 2 || + !isSpecial(url.protocol))) ) { instructions[3] = [/(.*)/, 'pathname']; } @@ -289,7 +292,7 @@ function Url(address, location, parser) { instruction = instructions[i]; if (typeof instruction === 'function') { - address = instruction(address); + address = instruction(address, url); continue; } diff --git a/test/test.js b/test/test.js index d5a6cab..1893891 100644 --- a/test/test.js +++ b/test/test.js @@ -358,6 +358,13 @@ describe('url-parse', function () { assume(parsed.href).equals('foo:/example.com'); assume(parsed.slashes).is.false(); + url = 'foo:\\example.com'; + parsed = parse(url); + assume(parsed.hostname).equals(''); + assume(parsed.pathname).equals('\\example.com'); + assume(parsed.href).equals('foo:\\example.com'); + assume(parsed.slashes).is.false(); + url = 'foo://example.com'; parsed = parse(url); assume(parsed.hostname).equals('example.com'); @@ -365,13 +372,34 @@ describe('url-parse', function () { assume(parsed.href).equals('foo://example.com'); assume(parsed.slashes).is.true(); + url = 'foo:\\\\example.com'; + parsed = parse(url); + assume(parsed.hostname).equals(''); + assume(parsed.pathname).equals('\\\\example.com'); + assume(parsed.href).equals('foo:\\\\example.com'); + assume(parsed.slashes).is.false(); + url = 'foo:///example.com'; parsed = parse(url); assume(parsed.hostname).equals(''); assume(parsed.pathname).equals('/example.com'); assume(parsed.href).equals('foo:///example.com'); assume(parsed.slashes).is.true(); - }) + + url = 'foo:\\\\\\example.com'; + parsed = parse(url); + assume(parsed.hostname).equals(''); + assume(parsed.pathname).equals('\\\\\\example.com'); + assume(parsed.href).equals('foo:\\\\\\example.com'); + assume(parsed.slashes).is.false(); + + url = '\\\\example.com/foo/bar'; + parsed = parse(url, 'foo://bar.com'); + assume(parsed.hostname).equals('bar.com'); + assume(parsed.pathname).equals('/\\\\example.com/foo/bar'); + assume(parsed.href).equals('foo://bar.com/\\\\example.com/foo/bar'); + assume(parsed.slashes).is.true(); + }); describe('origin', function () { it('generates an origin property', function () {