npm install secure-url --save
yarn add secure-url
By default, SecureURL does not allow any relative URL like //foo/bar, and it will not allow the host to be changed if one is given.
The first two arguments are the same as URL, and the return value is the same as URL.
Note that one difference is that if you update a property of the returned object, it will not update the other properties like URL does.
const SecureURL = require("secure-url");
// No base given
const url1 = new SecureURL("//foo/bar");
url1.href; // https://localhost.local/foo/bar
// Base given: the host of the base is kept
const url2 = new SecureURL("https//malicious.com/foo/bar", "https://foo.bar/");
url2.href; // https://foo.bar/foo/bar
mode and keepPort are the options that can modify the secure behavior.
path mode is used to sanitize the given path and keep the base when given.
const SecureURL = require("secure-url");
// No base given
const url1 = new SecureURL("//foo/bar", { mode: "path" });
url1.href; // https://localhost.local/foo/bar
// Base given: the base is kept
const url2 = new SecureURL("https//malicious.com/foo/bar", "https://foo.bar/", {
  mode: "path",
});
url2.href; // https://foo.bar/foo/bar
relax mode is used to sanitize the given path and allows the base to be updated.
const SecureURL = require("secure-url");
// No base given
const url1 = new SecureURL("//foo/bar", { mode: "relax" });
url1.href; // https://localhost.local/foo/bar
// Base given: the input is allowed to update the base
const url2 = new SecureURL("https//malicious.com/foo/bar", "https://foo.bar/", {
  mode: "relax",
});
url2.href; // https//malicious.com/foo/bar
insecure mode disables sanitizing of the path and allows the base to be updated.
const SecureURL = require("secure-url");
// The path is not sanitized, so //foo replaces the host of the base
const url1 = new SecureURL("//foo/bar", "https://foo.bar/", {
  mode: "insecure",
});
url1.href; // https://foo/bar
const url2 = new SecureURL("//malicious.com/foo/bar", "https://foo.bar/", {
  mode: "insecure",
});
url2.href; // https://malicious.com/foo/bar
keepPort is used when you want to keep the port when it is specified in the URL. We have this behavior because, by design, URL will strip the default port matching the protocol.
By default: false
const SecureURL = require("secure-url");
// keepPort: false drops the default port for the protocol
const url1 = new SecureURL("/foo/bar", "https://localhost.local:443/", {
  keepPort: false,
});
url1.href; // https://localhost.local/foo/bar
// keepPort: true keeps the port as written
const url2 = new SecureURL("/foo/bar", "https://localhost.local:443/", {
  keepPort: true,
});
url2.href; // https://localhost.local:443/foo/bar
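
For comparison, the behavior of the built-in URL class that the modes and keepPort above are set against, as an added example that is not part of secure-url or its README. It uses only the global URL class; resolveNative, resolveSameOrigin, nativePort and the sample inputs are hypothetical names and constructed values.

```javascript
// Added example: built-in WHATWG URL only, not secure-url's implementation.

// Resolve an untrusted input against a trusted base with the native URL
// class and report whether the result stayed on the base's origin.
function resolveNative(input, base) {
  const baseUrl = new URL(base);
  const resolved = new URL(input, baseUrl);
  return {
    input,
    href: resolved.href,
    sameOrigin: resolved.origin === baseUrl.origin,
  };
}

// Hypothetical guard: accept the input only if it stays on the base origin.
function resolveSameOrigin(input, base) {
  const result = resolveNative(input, base);
  if (!result.sameOrigin) {
    throw new Error(`input leaves origin of ${base}: ${result.href}`);
  }
  return result.href;
}

// Show how the native class normalizes a port written in the URL.
function nativePort(href) {
  const u = new URL(href);
  return { port: u.port, host: u.host, href: u.href };
}

// Constructed sample inputs, resolved against a constructed base.
const BASE = "https://foo.bar/";
const SAMPLES = [
  "/foo/bar",                      // plain path: stays on the base
  "//malicious.com/foo/bar",       // scheme-relative: replaces the host
  "\\\\malicious.com/foo/bar",     // backslashes are read as slashes for https
  "https://malicious.com/foo/bar", // absolute URL: ignores the base
];

for (const sample of SAMPLES) {
  const r = resolveNative(sample, BASE);
  console.log(`${r.sameOrigin ? "same " : "CROSS"}  ${sample}  ->  ${r.href}`);
}

// The default port for https is stripped; a non-default port is kept.
console.log(nativePort("https://localhost.local:443/foo/bar"));
console.log(nativePort("https://localhost.local:8443/foo/bar"));
```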