Merge branch 'master' into gh-pages

Author: rodneyrehm

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 The release notes tracked in this document are also made available on the [releases page](https://github.com/medialize/URI.js/releases)
 
+### 1.19.10 (March 5th 2022) ###
+
+* **SECURITY** fixing [`URI.parse()`](http://medialize.github.io/URI.js/docs.html#static-parse) handle excessive colons in protocol delimiter - disclosed by [huydoppa](https://github.com/huydoppa) via https://huntr.dev/
+
 ### 1.19.9 (March 3rd 2022) ###
 
 * **SECURITY** fixing [`URI.parse()`](http://medialize.github.io/URI.js/docs.html#static-parse) handle leading whitespace - disclosed by [p0cas](https://github.com/p0cas) via https://huntr.dev/

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "urijs",
-  "version": "1.19.9",
+  "version": "1.19.10",
   "main": "src/URI.js",
   "ignore": [
     ".*",

build.js

@@ -29,7 +29,7 @@ function build(files) {
             output_format: "text",
             output_info: "compiled_code"
         }, function(data) {
-            var code = "/*! URI.js v1.19.9 http://medialize.github.io/URI.js/ */\n/* build contains: " + files.join(', ') + " */\n" + data;
+            var code = "/*! URI.js v1.19.10 http://medialize.github.io/URI.js/ */\n/* build contains: " + files.join(', ') + " */\n" + data;
             $progress.hide();
             $out.val(code).parent().show();
             $out.prev().find('a').remove();

package.json

@@ -1,6 +1,6 @@
 {
   "name": "urijs",
-  "version": "1.19.9",
+  "version": "1.19.10",
   "title": "URI.js - Mutating URLs",
   "author": {
     "name": "Rodney Rehm",

src/IPv6.js

@@ -2,7 +2,7 @@
  * URI.js - Mutating URLs
  * IPv6 Support
  *
- * Version: 1.19.9
+ * Version: 1.19.10
  *
  * Author: Rodney Rehm
  * Web: http://medialize.github.io/URI.js/

src/SecondLevelDomains.js

@@ -2,7 +2,7 @@
  * URI.js - Mutating URLs
  * Second Level Domain (SLD) Support
  *
- * Version: 1.19.9
+ * Version: 1.19.10
  *
  * Author: Rodney Rehm
  * Web: http://medialize.github.io/URI.js/

src/URI.js

@@ -1,7 +1,7 @@
 /*!
  * URI.js - Mutating URLs
  *
- * Version: 1.19.9
+ * Version: 1.19.10
  *
  * Author: Rodney Rehm
  * Web: http://medialize.github.io/URI.js/
@@ -81,7 +81,7 @@
     return /^[0-9]+$/.test(value);
   }
 
-  URI.version = '1.19.9';
+  URI.version = '1.19.10';
 
   var p = URI.prototype;
   var hasOwn = Object.prototype.hasOwnProperty;
@@ -517,7 +517,7 @@
     }
 
     // slashes and backslashes have lost all meaning for the web protocols (https, http, wss, ws)
-    string = string.replace(/^(https?|ftp|wss?)?:[/\\]*/i, '$1://');
+    string = string.replace(/^(https?|ftp|wss?)?:+[/\\]*/i, '$1://');
 
     // extract protocol
     if (string.substring(0, 2) === '//') {

src/URI.min.js

@@ -2,7 +2,7 @@
  * URI.js - Mutating URLs
  * URI Template Support - http://tools.ietf.org/html/rfc6570
  *
- * Version: 1.19.9
+ * Version: 1.19.10
  *
  * Author: Rodney Rehm
  * Web: http://medialize.github.io/URI.js/

src/URITemplate.js

@@ -2,7 +2,7 @@
  * URI.js - Mutating URLs
  * jQuery Plugin
  *
- * Version: 1.19.9
+ * Version: 1.19.10
  *
  * Author: Rodney Rehm
  * Web: http://medialize.github.io/URI.js/jquery-uri-plugin.html

src/jquery.URI.js

@@ -2620,6 +2620,104 @@ var urls = [{
         idn: false,
         punycode: false
       }
+    }, {
+      name: 'excessive colon in protocol delimiter',
+      url: 'http:://www.example.org:8080/hello:world',
+      _url: 'http://www.example.org:8080/hello:world',
+      parts: {
+        protocol: 'http',
+        username: null,
+        password: null,
+        hostname: 'www.example.org',
+        port: '8080',
+        path: '/hello:world',
+        query: null,
+        fragment: null
+      },
+      accessors: {
+        protocol: 'http',
+        username: '',
+        password: '',
+        port: '8080',
+        path: '/hello:world',
+        query: '',
+        fragment: '',
+        resource: '/hello:world',
+        authority: 'www.example.org:8080',
+        origin: 'http://www.example.org:8080',
+        userinfo: '',
+        subdomain: 'www',
+        domain: 'example.org',
+        tld: 'org',
+        directory: '/',
+        filename: 'hello:world',
+        suffix: '',
+        hash: '', // location.hash style
+        search: '', // location.search style
+        host: 'www.example.org:8080',
+        hostname: 'www.example.org'
+      },
+      is: {
+        urn: false,
+        url: true,
+        relative: false,
+        name: true,
+        sld: false,
+        ip: false,
+        ip4: false,
+        ip6: false,
+        idn: false,
+        punycode: false
+      }
+    }, {
+      name: 'excessive colon in protocol delimiter backslashes',
+      url: 'http::\\\\www.example.org:8080/hello:world',
+      _url: 'http://www.example.org:8080/hello:world',
+      parts: {
+        protocol: 'http',
+        username: null,
+        password: null,
+        hostname: 'www.example.org',
+        port: '8080',
+        path: '/hello:world',
+        query: null,
+        fragment: null
+      },
+      accessors: {
+        protocol: 'http',
+        username: '',
+        password: '',
+        port: '8080',
+        path: '/hello:world',
+        query: '',
+        fragment: '',
+        resource: '/hello:world',
+        authority: 'www.example.org:8080',
+        origin: 'http://www.example.org:8080',
+        userinfo: '',
+        subdomain: 'www',
+        domain: 'example.org',
+        tld: 'org',
+        directory: '/',
+        filename: 'hello:world',
+        suffix: '',
+        hash: '', // location.hash style
+        search: '', // location.search style
+        host: 'www.example.org:8080',
+        hostname: 'www.example.org'
+      },
+      is: {
+        urn: false,
+        url: true,
+        relative: false,
+        name: true,
+        sld: false,
+        ip: false,
+        ip4: false,
+        ip6: false,
+        idn: false,
+        punycode: false
+      }
     }
 ];