Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignore slashes after the protocol for special URLs #208

Merged
merged 4 commits into from
Jul 24, 2021

Conversation

lpinca
Copy link
Member

@lpinca lpinca commented Jul 23, 2021

Fixes #205
Fixes #206

@lpinca lpinca requested a review from 3rd-Eden July 23, 2021 16:36
@lpinca
Copy link
Member Author

lpinca commented Jul 23, 2021

I have to add tests but it should work.

@3rd-Eden
Copy link
Member

LGTM when additional tests are added.

@lpinca lpinca force-pushed the ignore/slashes-for-special-urls branch from 04db85c to 320a8dc Compare July 23, 2021 18:37
@lpinca lpinca changed the title Ignore the slashes after the protocol for special URLs Ignore slashes after the protocol for special URLs Jul 23, 2021
test/test.js Outdated Show resolved Hide resolved
test/test.js Show resolved Hide resolved
@lpinca
Copy link
Member Author

lpinca commented Jul 23, 2021

In addition to #208 (comment) and #208 (comment) there are a lot of other inconsistencies with the Node.js WHATWG URL parser. I don't think it's possible to fix all of them without adding a lot of complexity. It is probably easier to rewrite url-parse from scratch following the specification.

lpinca added 3 commits July 24, 2021 11:55
Set it to `true` only if the protocol is special or if it is actually
followed by two forward slashes.
If the value of the `pathname` property does not start with a `/`, add
it only if the URL is special.
@lpinca
Copy link
Member Author

lpinca commented Jul 24, 2021

@3rd-Eden I'm merging this. Can you please cut a new release?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Security issues Hostname spoofing & Open Redirect URLs with no hostname not parsed properly in v1.5.0
2 participants