Skip to content


Subversion checkout URL

You can clone with
Download ZIP
tag: v0.8.24

url: Properly parse certain oddly formed urls

In cases where there are multiple @-chars in a url, Node currently
parses the hostname and auth sections differently than web browsers.

This part of the bug is serious, and should be landed in v0.10, and
also ported to v0.8, and releases made as soon as possible.

The less serious issue is that there are many other sorts of malformed
urls which Node either accepts when it should reject, or interprets
differently than web browsers.  For example, `*foo` is
interpreted by Node like `*foo` when web browsers treat
this as ``.

In general, *only* the `hostEndingChars` should be the characters that
delimit the host portion of the URL.  Most of the current `nonHostChars`
that appear in the hostname should be escaped, but some of them (such as
`;` and `%` when it does not introduce a hex pair) should raise an

We need to have a broader discussion about whether it's best to throw in
these cases, and potentially break extant programs, or return an object
that has every field set to `null` so that any attempt to read the
hostname/auth/etc. will appear to be empty.
latest commit ba0ed00b5f
@isaacs isaacs authored
Failed to load latest commit information.
_debugger.js Remove octal escape sequences and avoid reserved keyword
_linklist.js Update copyright headers
assert.js assert: fix throws() throws an error without message property
buffer.js buffer: slow buffer copy compatibility fix
buffer_ieee754.js Fixed a lot of jslint errors.
child_process.js child_process: fix sending utf-8 to child process
cluster.js Avoid redeclaring variable
constants.js Update copyright headers
crypto.js Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
dgram.js dgram: don't assert on send('string')
dns.js dns: make error message match errno
domain.js domain: Remove stray console.log
events.js events: Don't clobber pre-existing _events obj in EE ctor
freelist.js Update copyright headers
fs.js fs: fix WriteStream fd leak
http.js http: Don't try to destroy nonexistent sockets
https.js https: make https.get() accept a URL
module.js module: add filename to require() json errors
net.js cluster: propagate bind errors
os.js Add --no-deprecation and --trace-deprecation flags
path.js Add --no-deprecation and --trace-deprecation flags
punycode.js punycode: Update to v1.0.0
querystring.js trivial: Doc typo and lint fix
stream.js stream.pipe: Don't call destroy() unless it's a function
string_decoder.js string_decoder: added support for UTF-16LE
sys.js Fix #3577 Un-break require('sys')
timers.js timers: fix handling of large timeouts
tty.js Add --no-deprecation and --trace-deprecation flags
url.js url: Properly parse certain oddly formed urls
util.js util: make util.inspect() work when "hasOwnProperty" is overwritten
vm.js lint
Something went wrong with that request. Please try again.