Skip to content

Commit

Permalink
fix(parse): treat backslash as forwardslash in authority
Browse files Browse the repository at this point in the history
  • Loading branch information
rodneyrehm committed Dec 20, 2020
1 parent 594ffc1 commit 4f45faf
Show file tree
Hide file tree
Showing 2 changed files with 53 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/URI.js
Original file line number Diff line number Diff line change
Expand Up @@ -612,12 +612,14 @@
};
URI.parseUserinfo = function(string, parts) {
// extract username:password
var firstBackSlash = string.indexOf('\\');
var firstSlash = string.indexOf('/');
var slash = firstBackSlash === -1 ? firstSlash : (firstSlash !== -1 ? Math.min(firstBackSlash, firstSlash): firstSlash)
var pos = string.lastIndexOf('@', firstSlash > -1 ? firstSlash : string.length - 1);
var t;

// authority@ must come before /path
if (pos > -1 && (firstSlash === -1 || pos < firstSlash)) {
// authority@ must come before /path or \path
if (pos > -1 && (slash === -1 || pos < slash)) {
t = string.substring(0, pos).split(':');
parts.username = t[0] ? URI.decode(t[0]) : null;
t.shift();
Expand Down
49 changes: 49 additions & 0 deletions test/urls.js
Original file line number Diff line number Diff line change
Expand Up @@ -1984,6 +1984,55 @@ var urls = [{
idn: false,
punycode: false
}
}, {
name: 'backslashes authority',
url: 'https://attacker.com\\@example.com/some/directory/file.html?query=string#fragment',
_url: 'https://attacker.com/@example.com/some/directory/file.html?query=string#fragment',
parts: {
protocol: 'https',
username: null,
password: null,
hostname: 'attacker.com',
port: null,
path: '/@example.com/some/directory/file.html',
query: 'query=string',
fragment: 'fragment'
},
accessors: {
protocol: 'https',
username: '',
password: '',
port: '',
path: '/@example.com/some/directory/file.html',
query: 'query=string',
fragment: 'fragment',
resource: '/@example.com/some/directory/file.html?query=string#fragment',
authority: 'attacker.com',
origin: 'https://attacker.com',
userinfo: '',
subdomain: '',
domain: 'attacker.com',
tld: 'com',
directory: '/@example.com/some/directory',
filename: 'file.html',
suffix: 'html',
hash: '#fragment',
search: '?query=string',
host: 'attacker.com',
hostname: 'attacker.com'
},
is: {
urn: false,
url: true,
relative: false,
name: true,
sld: false,
ip: false,
ip4: false,
ip6: false,
idn: false,
punycode: false
}
}
];

0 comments on commit 4f45faf

Please sign in to comment.