Simplify host parsing fix#403
Merged
rodneyrehm merged 3 commits intomedialize:masterfrom Dec 23, 2020
Merged
Conversation
* Attempt to simplify host parsing fix made in 4f45faf by normalizing backslashes into forward slashes before parsing authority. * Add test case. Two test cases currently fail because they expect host/hostname mutators to throw exceptions when they contain backslashes. Will address after discussion in PR.
Contributor
Author
|
@rodneyrehm: 👋🏻 Proposed fix per email. |
Member
|
If we change the tests from expecting an error to verifying the result diff --git a/test/test.js b/test/test.js
index 672b3f9..6ac368f 100644
--- a/test/test.js
+++ b/test/test.js
@@ -306,9 +306,9 @@
equal(u.hostname(), 'some_where.exa_mple.org', 'hostname changed');
equal(u+'', 'http://some_where.exa_mple.org/foo.html', 'hostname changed url');
- raises(function() {
- u.hostname('foo\\bar.com');
- }, TypeError, 'Failing backslash detection in hostname');
+ u.hostname('foo\\bar.com');
+ equal(u.hostname(), 'foo', 'hostname changed');
+ equal(u+'', 'http://foo/foo.html', 'hostname changed url');
// instance does not fall back to global setting
URI.preventInvalidHostname = true;
@@ -471,9 +471,10 @@
equal(u.port(), '44', 'port restored');
equal(u+'', 'http://some_where.exa_mple.org:44/foo.html', 'host modified url #2');
- raises(function() {
- u.host('foo\\bar.com');
- }, TypeError, 'Failing backslash detection in host');
+ u.host('foo\\bar.com');
+ equal(u.hostname(), 'foo', 'host modified hostname');
+ equal(u.port(), '', 'host removed port');
+ equal(u+'', 'http://foo/foo.html', 'host modified url');
});
test('origin', function () {
var u = new URI('http://foo.bar/foo.html');we'll see both tests fail with |
Member
|
preserving the existing tests and adding your new case: diff --git a/src/URI.js b/src/URI.js
index 715c097..92c0481 100644
--- a/src/URI.js
+++ b/src/URI.js
@@ -612,19 +612,22 @@
};
URI.parseUserinfo = function(string, parts) {
// extract username:password
+ var _string = string
var firstBackSlash = string.indexOf('\\');
+ if (firstBackSlash !== -1) {
+ string = string.replace(/\\/g, '/')
+ }
var firstSlash = string.indexOf('/');
- var slash = firstBackSlash === -1 ? firstSlash : (firstSlash !== -1 ? Math.min(firstBackSlash, firstSlash): firstSlash)
var pos = string.lastIndexOf('@', firstSlash > -1 ? firstSlash : string.length - 1);
var t;
// authority@ must come before /path or \path
- if (pos > -1 && (slash === -1 || pos < slash)) {
+ if (pos > -1 && (firstSlash === -1 || pos < firstSlash)) {
t = string.substring(0, pos).split(':');
parts.username = t[0] ? URI.decode(t[0]) : null;
t.shift();
parts.password = t[0] ? URI.decode(t.join(':')) : null;
- string = string.substring(pos + 1);
+ string = _string.substring(pos + 1);
} else {
parts.username = null;
parts.password = null;
diff --git a/test/urls.js b/test/urls.js
index 5e0c06e..14255c1 100644
--- a/test/urls.js
+++ b/test/urls.js
@@ -2033,6 +2033,55 @@ var urls = [{
idn: false,
punycode: false
}
+ }, {
+ name: 'backslashes authority, no ending slash',
+ url: 'https://attacker.com\\@example.com',
+ _url: 'https://attacker.com/@example.com',
+ parts: {
+ protocol: 'https',
+ username: null,
+ password: null,
+ hostname: 'attacker.com',
+ port: null,
+ path: '/@example.com',
+ query: null,
+ fragment: null
+ },
+ accessors: {
+ protocol: 'https',
+ username: '',
+ password: '',
+ port: '',
+ path: '/@example.com',
+ query: '',
+ fragment: '',
+ resource: '/@example.com',
+ authority: 'attacker.com',
+ origin: 'https://attacker.com',
+ userinfo: '',
+ subdomain: '',
+ domain: 'attacker.com',
+ tld: 'com',
+ directory: '/',
+ filename: '@example.com',
+ suffix: 'com',
+ hash: '',
+ search: '',
+ host: 'attacker.com',
+ hostname: 'attacker.com'
+ },
+ is: {
+ urn: false,
+ url: true,
+ relative: false,
+ name: true,
+ sld: false,
+ ip: false,
+ ip4: false,
+ ip6: false,
+ idn: false,
+ punycode: false
+ }
}
]; |
Apply patch from medialize#403 (comment)
Contributor
Author
|
Your patch is great, thanks for iterating on this. I've reverted my patch to Feel free to either merge this PR or merge the changes from your branch. |
Member
|
released as v1.19.4, thanks for your help :) |
This was referenced Mar 9, 2021
Closed
This was referenced Mar 14, 2021
This was referenced Mar 19, 2021
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two test cases currently fail because they expect host/hostname mutators to throw exceptions when they contain backslashes. Will address after discussion in PR.