src: handle url crash on different url formats

RafaelGSS · juanarbol · commit cba66c48a583 · 2026-03-23T13:16:52.000-05:00
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: nodejs-private/node-private#816 CVE-ID: CVE-2026-21712
diff --git a/src/node_url.cc b/src/node_url.cc
@@ -344,7 +344,13 @@ void BindingData::Format(const FunctionCallbackInfo<Value>& args) {
   // directly want to manipulate the url components without using the respective
   // setters. therefore we are using ada::url here.
   auto out = ada::parse<ada::url>(href.ToStringView());
-  CHECK(out);
+  if (!out) {
+    // If the href cannot be re-parsed (e.g. due to ada parser inconsistencies
+    // with certain IDN hostnames), return the original href unmodified rather
+    // than crashing.
+    args.GetReturnValue().Set(args[0]);
+    return;
+  }
 
   if (!hash) {
     out->hash = std::nullopt;
diff --git a/test/parallel/test-url-format-whatwg.js b/test/parallel/test-url-format-whatwg.js
@@ -147,3 +147,11 @@ test('should format tel: prefix', { skip: !hasIntl }, () => {
     url.format(new URL('tel:123'), { unicode: true })
   );
 });
+
+// Regression test: url.format should not crash on URLs that ada::url_aggregator
+// can parse but ada::url cannot (e.g. special scheme URLs with opaque paths).
+test('should not crash on URLs with invalid IDN hostnames', () => {
+  const u = new URL('ws:xn-\u022B');
+  // doesNotThrow
+  url.format(u, { fragment: false, unicode: false, auth: false, search: false });
+});
