From ac0736b578df04ca23cc0fbf157824e57631c840 Mon Sep 17 00:00:00 2001
From: James Wright
Date: Thu, 9 Jan 2020 22:57:02 +0000
Subject: [PATCH] Fix authority parsing in Closure URI parser.

PiperOrigin-RevId: 288978923
---
 closure/goog/uri/utils.js | 2 +-
 closure/goog/uri/utils_test.js | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/closure/goog/uri/utils.js b/closure/goog/uri/utils.js
index de21348db8..bb7251e464 100644
--- a/closure/goog/uri/utils.js
+++ b/closure/goog/uri/utils.js
@@ -195,7 +195,7 @@ goog.uri.utils.splitRe_ = new RegExp(
 '(?:([^/?#]*)@)?' + // userInfo
 '([^/#?]*?)' + // domain
 '(?::([0-9]+))?' + // port
- '(?=[/#?]|$)' + // authority-terminating character
+ '(?=[/\\\\#?]|$)' + // authority-terminating character
 ')?' +
 '([^?#]+)?' + // path
 '(?:\\?([^#]*))?' + // query
diff --git a/closure/goog/uri/utils_test.js b/closure/goog/uri/utils_test.js
index d492831205..026fe14a78 100644
--- a/closure/goog/uri/utils_test.js
+++ b/closure/goog/uri/utils_test.js
@@ -106,6 +106,19 @@ testSuite({
 assertEquals('fragment', utils.getFragment(uri));
 },
 
+ testSplitMaliciousUri() {
+ const uri = 'https://malicious.com\\test.google.com';
+ assertEquals('https', utils.getScheme(uri));
+ assertEquals('malicious.com', utils.getDomain(uri));
+ assertEquals('malicious.com', utils.getDomainEncoded(uri));
+ assertNull(utils.getPort(uri));
+ assertEquals('\\test.google.com', utils.getPathEncoded(uri));
+ assertEquals('\\test.google.com', utils.getPath(uri));
+ assertNull(utils.getQueryData(uri));
+ assertNull(utils.getFragmentEncoded(uri));
+ assertNull(utils.getFragment(uri));
+ },
+
 testSplitBadAuthority() {
 // This URL has a syntax error per the RFC (port number must be digits, and
 // host cannot contain a colon except in [...]). This test is solely to
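Review bot: The userInfo class on the first context line, `'(?:([^/?#]*)@)?'`, still accepts a backslash, so the new terminator in the lookahead only takes effect when no `@` follows the backslash inside the authority. In that case the text before the `@` would presumably be consumed as userInfo and getDomain would report what follows it, which differs from what a browser that treats `\` as `/` resolves. Excluding the backslash from both classes keeps userInfo, domain and terminator consistent: `'(?:([^\\\\/?#]*)@)?' +` and `'([^\\\\/?#]*?)' +`. The comment on the changed line could also record the reason, e.g. `// authority-terminating character ('\' is treated as '/' by browsers)`. The RegExp expression starts and ends outside the hunk.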
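Review bot: testSplitMaliciousUri pins only the case where the backslash follows the host directly, and nothing in it says why a backslash should end the authority. A one-line comment such as `// Browsers treat '\\' as '/' in http(s) URLs, so the authority must stop at the first backslash.` would keep a later regex cleanup from dropping the terminator. A second URI with an explicit port before the backslash would also confirm that getPort still returns the port and that getPath starts at the backslash; no such case is visible in this hunk. The testSuite object starts and ends outside the hunk.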