Fix potential vulnerability for "http://\\\\localhost"
duzun committed Feb 28, 2022
1 parent 89cc363 commit 9dc9fcc
Showing 9 changed files with 42 additions and 15 deletions.
2 changes: 1 addition & 1 deletion bower.json
@@ -1,6 +1,6 @@
{
"name": "url-js",
"version": "2.0.0",
"version": "2.1.0",
"description": "Simple URL parser, similar to DOM URL",
"main": "url.js",
"authors": [
2 changes: 1 addition & 1 deletion package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "url-js",
"version": "2.0.0",
"version": "2.1.0",
"description": "Simple URL parser, similar to DOM URL",
"main": "dist/url.js",
"module": "url.js",
12 changes: 12 additions & 0 deletions test.js
Expand Up @@ -31,6 +31,18 @@ describe('URL', function() {
expect(String(m)).toBe('https://www.example.com/path/xyz?var=123');
expect(String(n)).toBe('https://www.example.com/path/zyx?u');

// Potential vulnerbility
var v = new URLJS('http://\\\\localhost\\');

expect(String(v)).toBe('http://localhost/');
expect(v.hostname).toBe('localhost');
expect(v.pathname).toBe('/');

v = new URLJS('http://\\\\localhost/\\');

expect(String(v)).toBe('http://localhost//');
expect(v.pathname).toBe('//');

// // Rebuild .search from .query and .hostname from .host
// delete m.search;
// delete m.hostname;
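Review bot: The comment introducing the new cases has a typo, `// Potential vulnerbility`; make it `// Potential vulnerability: backslashes before the host` so the reader knows which input class the two cases pin. Both new cases only exercise a single run of backslashes at the very start of the path; a third case such as `v = new URLJS('http://localhost\\a\\b'); expect(v.pathname).toBe('/a/b');` would document DOM-URL parity for backslashes deeper in the path, which the current assertions leave uncovered. The enclosing `describe('URL', …)` block continues outside the hunk.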
2 changes: 1 addition & 1 deletion url.d.ts
Expand Up @@ -2,7 +2,7 @@
* URL parser module.
*
* @license MIT
* @version 2.0.0
* @version 2.1.0
* @author Dumitru Uzun (DUzun.Me)
* @umd AMD, Browser, CommonJs, noDeps
*/
2 changes: 1 addition & 1 deletion url.js
Expand Up @@ -2,7 +2,7 @@
* URL parser module.
*
* @license MIT
* @version 2.0.0
* @version 2.1.0
* @author Dumitru Uzun (DUzun.Me)
* @umd AMD, Browser, CommonJs, noDeps
*/
2 changes: 1 addition & 1 deletion url/URL.d.ts
Expand Up @@ -2,7 +2,7 @@
* URL parser.
*
* @license MIT
* @version 2.0.0
* @version 2.1.0
* @author Dumitru Uzun (DUzun.Me)
* @umd AMD, Browser, CommonJs, noDeps
*/
4 changes: 2 additions & 2 deletions url/URL.js
Expand Up @@ -8,7 +8,7 @@ import { NIL, defProp, is_domain, is_url, getDomainName } from './helpers';
* URL parser.
*
* @license MIT
* @version 2.0.0
* @version 2.1.0
* @author Dumitru Uzun (DUzun.Me)
* @umd AMD, Browser, CommonJs, noDeps
*/
Expand All @@ -34,7 +34,7 @@ export default function URLJS(url, baseURL, parseQuery) {
}
return parseUrl.call(URLJS, _url.origin + _path, undefined, parseQuery);
}
throw new SyntaxError(`Failed to construct 'URL': Invalid URL`);
throw new SyntaxError(`Failed to construct 'URLJS': Invalid URL`);
}
}

29 changes: 22 additions & 7 deletions url/parseUrl.js
Expand Up @@ -3,11 +3,14 @@ import toObject from './toObject';

/*globals URL*/

// const _hostname_norm_exp = /^\\/g;
const _pathname_norm_exp = /\\+/;

const _parse_url_exp = new RegExp([
'^([\\w.+\\-\\*]+:)//' // protocol
, '(([^:/?#]*)(?::([^/?#]*))?@|)' // username:password
, '(([^:/?#]*)(?::(\\d+))?)' // host == hostname:port
, '(/[^?#]*|)' // pathname
, '\\\\*(([^:/\\\\?#]*)(?::(\\d+))?)' // host == hostname:port
, '([/\\\\][^?#]*|)' // pathname
, '(\\?([^#]*)|)' // search & query
, '(#.*|)$' // hash
].join(NIL));
Expand All @@ -32,13 +35,25 @@ export default function parseUrl(href, part, parseQuery) {
, i, ret = false
;
if (match) {
// if (i = match[map.hostname]) {
// match[map.hostname] = i.replace(_hostname_norm_exp, '');
// }
if (i = match[map.pathname]) {
match[map.pathname] = i.replace(_pathname_norm_exp, '/');
}

if (part && part in map) {
ret = match[map[part]] || NIL;
if (part == 'pathname') {
if (!ret) ret = '/';
}
if (parseQuery && part == 'query') {
ret = toObject(ret || NIL);
switch (part) {
case 'pathname':
if (!ret) ret = '/';
break;

case 'query':
if (parseQuery) {
ret = toObject(ret || NIL);
}
break;
}
}
else {
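Review bot: The backslash hardening in the first hunk only touches the host group (`'\\\\*(([^:/\\\\?#]*)(?::(\\d+))?)'`) and leaves the userinfo group on the line above as `[^:/?#]*`, which still accepts `\`: for `http://localhost\@evil.com` the new regex takes `localhost\` as username and `evil.com` as hostname, whereas a WHATWG-conformant `URL` (as implemented in browsers) ends the authority at the backslash and yields hostname `localhost` with pathname `/@evil.com`. That is the same host-confusion class this commit targets, so the backslash should be excluded there too: `, '(([^:/\\\\?#]*)(?::([^/\\\\?#]*))?@|)' // username:password`. Separately, `_pathname_norm_exp = /\\+/` has no `g` flag, so the `.replace` in the second hunk rewrites only the first run of backslashes (`\a\b` becomes `/a\b`, not `/a/b`); `const _pathname_norm_exp = /\\+/g;` normalises the whole path and is safe here because `.replace` does not depend on `lastIndex`. The `else` branch that closes the second hunk continues past it inside `parseUrl`.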
