This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
Hardened isNotURL / isURL code in urlutil.js #6086
Merged
Commits on Dec 8, 2016
-
Hardened isNotURL / isURL code in urlutil.js
Fixes #5911 (which was unintentionally introduced with #4546) Also fixes these cases (no issues created yet): - view-source/mail-to/etc were not checking from beginning of string - ensures input is string (preventing failing call to trim()) And adds missing tests for: - checking localhost toLowerCase() - checking basic auth formatted URI (with and without protocol) - is input a string - each type of special page - partial bad matches on special pages Also updates tests for isURL to ensure value is always negated version of isNotURL Auditors: @bbondy, @darkdh, @diracdeltas Since this code has a very large potential impact (everything from the URL bar calls this for example), please review and help make sure I covered everything safely :) Unit test: `npm run unittest -- --grep="urlutil" Webdriver test: `npm run uitest -- --grep="when following URLs"`
-
-
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.