Skip to content

Commit

Permalink
errors: remove input from ERR_INVALID_URL message
Browse files Browse the repository at this point in the history
Avoid potentially huge messages and leaked secrets.

PR-URL: #38614
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
  • Loading branch information
moander authored and jasnell committed May 17, 2021
1 parent 3612229 commit 417c31b
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 10 deletions.
4 changes: 3 additions & 1 deletion lib/internal/errors.js
Original file line number Diff line number Diff line change
Expand Up @@ -1265,7 +1265,9 @@ E('ERR_INVALID_TUPLE', '%s must be an iterable %s tuple', TypeError);
E('ERR_INVALID_URI', 'URI malformed', URIError);
E('ERR_INVALID_URL', function(input) {
this.input = input;
return `Invalid URL: ${input}`;
// Don't include URL in message.
// (See https://github.com/nodejs/node/pull/38614)
return 'Invalid URL';
}, TypeError);
E('ERR_INVALID_URL_SCHEME',
(expected) => {
Expand Down
12 changes: 8 additions & 4 deletions test/es-module/test-esm-loader-invalid-url.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,12 @@ import { expectsError, mustCall } from '../common/index.mjs';
import assert from 'assert';

import('../fixtures/es-modules/test-esm-ok.mjs')
.then(assert.fail, expectsError({
code: 'ERR_INVALID_URL',
message: 'Invalid URL: ../fixtures/es-modules/test-esm-ok.mjs'
}))
.then(assert.fail, (error) => {
expectsError({
code: 'ERR_INVALID_URL',
message: 'Invalid URL'
})(error);

assert.strictEqual(error.input, '../fixtures/es-modules/test-esm-ok.mjs');
})
.then(mustCall());
7 changes: 2 additions & 5 deletions test/parallel/test-whatwg-url-custom-parsing.js
Original file line number Diff line number Diff line change
Expand Up @@ -55,11 +55,8 @@ for (const test of failureTests) {
() => new URL(test.input, test.base),
(error) => {
assert.throws(() => { throw error; }, expectedError);

// The input could be processed, so we don't do strict matching here
let match;
assert(match = (`${error}`).match(/Invalid URL: (.*)$/));
assert.strictEqual(error.input, match[1]);
assert.strictEqual(`${error}`, 'TypeError [ERR_INVALID_URL]: Invalid URL');
assert.strictEqual(error.message, 'Invalid URL');
return true;
});
}
Expand Down

0 comments on commit 417c31b

Please sign in to comment.