Skip to content

Commit

Permalink
fix(parse): handle excessive colons in scheme delimiter
Browse files Browse the repository at this point in the history
reported by @huydoppa via huntr.dev
  • Loading branch information
rodneyrehm committed Mar 5, 2022
1 parent 01920b5 commit a8166fe
Show file tree
Hide file tree
Showing 2 changed files with 99 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/URI.js
Original file line number Diff line number Diff line change
Expand Up @@ -517,7 +517,7 @@
}

// slashes and backslashes have lost all meaning for the web protocols (https, http, wss, ws)
string = string.replace(/^(https?|ftp|wss?)?:[/\\]*/i, '$1://');
string = string.replace(/^(https?|ftp|wss?)?:+[/\\]*/i, '$1://');

// extract protocol
if (string.substring(0, 2) === '//') {
Expand Down
98 changes: 98 additions & 0 deletions test/urls.js
Original file line number Diff line number Diff line change
Expand Up @@ -2620,6 +2620,104 @@ var urls = [{
idn: false,
punycode: false
}
}, {
name: 'excessive colon in protocol delimiter',
url: 'http:://www.example.org:8080/hello:world',
_url: 'http://www.example.org:8080/hello:world',
parts: {
protocol: 'http',
username: null,
password: null,
hostname: 'www.example.org',
port: '8080',
path: '/hello:world',
query: null,
fragment: null
},
accessors: {
protocol: 'http',
username: '',
password: '',
port: '8080',
path: '/hello:world',
query: '',
fragment: '',
resource: '/hello:world',
authority: 'www.example.org:8080',
origin: 'http://www.example.org:8080',
userinfo: '',
subdomain: 'www',
domain: 'example.org',
tld: 'org',
directory: '/',
filename: 'hello:world',
suffix: '',
hash: '', // location.hash style
search: '', // location.search style
host: 'www.example.org:8080',
hostname: 'www.example.org'
},
is: {
urn: false,
url: true,
relative: false,
name: true,
sld: false,
ip: false,
ip4: false,
ip6: false,
idn: false,
punycode: false
}
}, {
name: 'excessive colon in protocol delimiter backslashes',
url: 'http::\\\\www.example.org:8080/hello:world',
_url: 'http://www.example.org:8080/hello:world',
parts: {
protocol: 'http',
username: null,
password: null,
hostname: 'www.example.org',
port: '8080',
path: '/hello:world',
query: null,
fragment: null
},
accessors: {
protocol: 'http',
username: '',
password: '',
port: '8080',
path: '/hello:world',
query: '',
fragment: '',
resource: '/hello:world',
authority: 'www.example.org:8080',
origin: 'http://www.example.org:8080',
userinfo: '',
subdomain: 'www',
domain: 'example.org',
tld: 'org',
directory: '/',
filename: 'hello:world',
suffix: '',
hash: '', // location.hash style
search: '', // location.search style
host: 'www.example.org:8080',
hostname: 'www.example.org'
},
is: {
urn: false,
url: true,
relative: false,
name: true,
sld: false,
ip: false,
ip4: false,
ip6: false,
idn: false,
punycode: false
}
}
];

0 comments on commit a8166fe

Please sign in to comment.