Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore slashes after the protocol for special URLs #208

Merged
merged 4 commits into from
Jul 24, 2021
Merged

Ignore slashes after the protocol for special URLs #208

merged 4 commits into from
Jul 24, 2021

Conversation

lpinca
Copy link
Member

@lpinca lpinca commented Jul 23, 2021

Fixes #205
Fixes #206

@lpinca lpinca requested a review from 3rd-Eden July 23, 2021 16:36
@lpinca
Copy link
Member Author

lpinca commented Jul 23, 2021

I have to add tests but it should work.

@3rd-Eden
Copy link
Member

LGTM when additional tests are added.

@lpinca lpinca force-pushed the ignore/slashes-for-special-urls branch from 04db85c to 320a8dc Compare July 23, 2021 18:37
@lpinca lpinca changed the title Ignore the slashes after the protocol for special URLs Ignore slashes after the protocol for special URLs Jul 23, 2021
lpinca
lpinca commented Jul 23, 2021
View reviewed changes
test/test.js Outdated Show resolved Hide resolved
test/test.js Show resolved Hide resolved
@lpinca
Copy link
Member Author

lpinca commented Jul 23, 2021
edited
Loading

In addition to #208 (comment) and #208 (comment) there are a lot of other inconsistencies with the Node.js WHATWG URL parser. I don't think it's possible to fix all of them without adding a lot of complexity. It is probably easier to rewrite url-parse from scratch following the specification.

@lpinca
[fix] Do not incorrectly set the slashes property to true
a3bd381 
Set it to `true` only if the protocol is special or if it is actually
followed by two forward slashes.
@lpinca
[fix] Add a leading slash only if the URL is special
eda1342 
If the value of the `pathname` property does not start with a `/`, add
it only if the URL is special.
@lpinca
[fix] Use 'null' as origin for non special URLs
e24fca3
@lpinca
Copy link
Member Author

lpinca commented Jul 24, 2021

@3rd-Eden I'm merging this. Can you please cut a new release?

@lpinca lpinca merged commit fb128af into master Jul 24, 2021
@lpinca lpinca deleted the ignore/slashes-for-special-urls branch July 24, 2021 16:28
@lpinca lpinca mentioned this pull request Jul 25, 2021
Merged
lpinca added a commit that referenced this pull request Jul 25, 2021
@lpinca
[fix] Sanitize only special URLs
5234df8 
Fixes #208 (comment).
lpinca added a commit that referenced this pull request Jul 25, 2021
@lpinca
[fix] Sanitize only special URLs
2f86e3b 
Fixes #208 (comment).
3rd-Eden pushed a commit that referenced this pull request Jul 25, 2021
@lpinca
[fix] Sanitize only special URLs (#209)
2d9ac2c 
Fixes #208 (comment).
@ndelvalle ndelvalle mentioned this pull request Sep 22, 2021
Closed
@Abdul1110 Abdul1110 mentioned this pull request May 12, 2022
Open
@Svetlana-github Svetlana-github mentioned this pull request May 16, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@3rd-Eden 3rd-Eden Awaiting requested review from 3rd-Eden

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security issues Hostname spoofing & Open Redirect URLs with no hostname not parsed properly in v1.5.0
2 participants
@lpinca @3rd-Eden