New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(parseURL, hasProtocol, isScriptProtocol): ignore leading whitespaces #170
Conversation
Codecov Report
@@ Coverage Diff @@
## main #170 +/- ##
=======================================
Coverage 94.91% 94.92%
=======================================
Files 7 7
Lines 846 847 +1
Branches 177 177
=======================================
+ Hits 803 804 +1
Misses 43 43
|
Thanks for the PR @danielroe β€οΈ I have pushed a few more fixes to always normalize/remove/ignore leading whitespaces as per spec and additional tests. I am still worried about Also thanks for reporting security issues as always @OhB00 β€οΈ Please mention if you see any more possible issues with leading whitespace handling Also please consider reporting issues according to security policy (or discord!) so that we can have a chance to internally properly discuss possible actions before public disclosure. |
Apologies for not disclosing on Huntr, I did not originally view this as a security issue |
π Linked issue
β Type of change
π Description
A couple of linked fixes with parsing protocols in URLs: https://url.spec.whatwg.org/#scheme-state
Thanks to @OhB00.
π Checklist