From a8166fe02f3af6dc1b2b888dcbb807155aad9509 Mon Sep 17 00:00:00 2001 From: Rodney Rehm Date: Sat, 5 Mar 2022 16:12:39 +0100 Subject: [PATCH] fix(parse): handle excessive colons in scheme delimiter reported by @huydoppa via huntr.dev --- src/URI.js | 2 +- test/urls.js | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+), 1 deletion(-) diff --git a/src/URI.js b/src/URI.js index aeeed7e..610f6ce 100644 --- a/src/URI.js +++ b/src/URI.js @@ -517,7 +517,7 @@ } // slashes and backslashes have lost all meaning for the web protocols (https, http, wss, ws) - string = string.replace(/^(https?|ftp|wss?)?:[/\\]*/i, '$1://'); + string = string.replace(/^(https?|ftp|wss?)?:+[/\\]*/i, '$1://'); // extract protocol if (string.substring(0, 2) === '//') { diff --git a/test/urls.js b/test/urls.js index 4b077ce..ec6da7c 100644 --- a/test/urls.js +++ b/test/urls.js @@ -2620,6 +2620,104 @@ var urls = [{ idn: false, punycode: false } + }, { + name: 'excessive colon in protocol delimiter', + url: 'http:://www.example.org:8080/hello:world', + _url: 'http://www.example.org:8080/hello:world', + parts: { + protocol: 'http', + username: null, + password: null, + hostname: 'www.example.org', + port: '8080', + path: '/hello:world', + query: null, + fragment: null + }, + accessors: { + protocol: 'http', + username: '', + password: '', + port: '8080', + path: '/hello:world', + query: '', + fragment: '', + resource: '/hello:world', + authority: 'www.example.org:8080', + origin: 'http://www.example.org:8080', + userinfo: '', + subdomain: 'www', + domain: 'example.org', + tld: 'org', + directory: '/', + filename: 'hello:world', + suffix: '', + hash: '', // location.hash style + search: '', // location.search style + host: 'www.example.org:8080', + hostname: 'www.example.org' + }, + is: { + urn: false, + url: true, + relative: false, + name: true, + sld: false, + ip: false, + ip4: false, + ip6: false, + idn: false, + punycode: false + } + }, { + name: 'excessive colon in protocol delimiter backslashes', + url: 'http::\\\\www.example.org:8080/hello:world', + _url: 'http://www.example.org:8080/hello:world', + parts: { + protocol: 'http', + username: null, + password: null, + hostname: 'www.example.org', + port: '8080', + path: '/hello:world', + query: null, + fragment: null + }, + accessors: { + protocol: 'http', + username: '', + password: '', + port: '8080', + path: '/hello:world', + query: '', + fragment: '', + resource: '/hello:world', + authority: 'www.example.org:8080', + origin: 'http://www.example.org:8080', + userinfo: '', + subdomain: 'www', + domain: 'example.org', + tld: 'org', + directory: '/', + filename: 'hello:world', + suffix: '', + hash: '', // location.hash style + search: '', // location.search style + host: 'www.example.org:8080', + hostname: 'www.example.org' + }, + is: { + urn: false, + url: true, + relative: false, + name: true, + sld: false, + ip: false, + ip4: false, + ip6: false, + idn: false, + punycode: false + } } ];