-
Notifications
You must be signed in to change notification settings - Fork 7.3k
url.parse() fails if auth contain a colon #25353
Comments
Browsers handled it this way: var parser = document.createElement('a');
parser.href = "http://us%3Aer:pass%3Aword@example.com:3000/path%3Ename/?search=some%20phrase#hash";
console.log(parser.hash); // #hash
console.log(parser.host); // example.com:3000
console.log(parser.hostname); // example.com
console.log(parser.href); // http://us%3Aer:pass%3Aword@example.com:3000/path%3Ename/?search=some%20phrase#hash
console.log(parser.origin); // http://example.com:3000
console.log(parser.password); // pass%3Aword
console.log(parser.pathname); // /path%3Ename/
console.log(parser.port); // 3000
console.log(parser.protocol); // http:
console.log(parser.search); // ?search=some%20phrase
console.log(parser.username); // us%3Aer I think is much better than the way url.parse() currently work. Though, I don't see any harm in decoding the components after the URL has been parsed. It might be nice to have a argument to disable automatic URL decoding. |
Just to be clear, this is not so much url.parse() failing (its still technically doing what its supposed to), but rather a limitation of the api (it's impossible to separate the username/password from the auth field). |
Hmm.. there appears to be a couple of failures here. Given the test case, if you look at the
Notice that That said, https://www.ietf.org/rfc/rfc3986.txt is very clear about Section 3.2.1:
So while it definitely looks like node is doing the wrong thing, I'm inclined to give this a lower priority (which doesn't mean it won't be fixed, it would just need to be after we get a few other higher priority items done first). @joyent/node-coreteam |
Some protocols ignore this advice. For example, the userinfo field is the only was to provide credentials in AMQP.
|
Understood. It definitely needs to be fixed.
|
I created a pull request to address this issue. How long do they normally take to be reviewed? |
I'll review either today or tomorrow.
|
@ben-page if you haven't done so already, can you also open an issue either at http://github.com/nodejs/node or http://github.com/nodejs/io.js that points back to this issue and the PR. That'll be the best way to ensure that everyone who needs to look at this will spot it. Given that this is an API change in a bit of code that's already being looked at, we'll want to make sure it gets broader review before landing. |
This is reported to nodejs/node issues as nodejs/node#1802. |
If the user or the password component of auth contains colons, url.parse() fails.
The output of parse() is not understood by format().
I think auth needs to be split into two fields (username and password).
The text was updated successfully, but these errors were encountered: