Skip to content

Commit

Permalink
fix(parse): treat backslash as forwardslash in authority (#403)
Browse files Browse the repository at this point in the history
  • Loading branch information
alesandroortiz authored Dec 23, 2020
1 parent d7064ab commit b02bf03
Show file tree
Hide file tree
Showing 2 changed files with 55 additions and 3 deletions.
9 changes: 6 additions & 3 deletions src/URI.js
Original file line number Diff line number Diff line change
Expand Up @@ -612,19 +612,22 @@
};
URI.parseUserinfo = function(string, parts) {
// extract username:password
var _string = string
var firstBackSlash = string.indexOf('\\');
if (firstBackSlash !== -1) {
string = string.replace(/\\/g, '/')
}
var firstSlash = string.indexOf('/');
var slash = firstBackSlash === -1 ? firstSlash : (firstSlash !== -1 ? Math.min(firstBackSlash, firstSlash): firstSlash)
var pos = string.lastIndexOf('@', firstSlash > -1 ? firstSlash : string.length - 1);
var t;

// authority@ must come before /path or \path
if (pos > -1 && (slash === -1 || pos < slash)) {
if (pos > -1 && (firstSlash === -1 || pos < firstSlash)) {
t = string.substring(0, pos).split(':');
parts.username = t[0] ? URI.decode(t[0]) : null;
t.shift();
parts.password = t[0] ? URI.decode(t.join(':')) : null;
string = string.substring(pos + 1);
string = _string.substring(pos + 1);
} else {
parts.username = null;
parts.password = null;
Expand Down
49 changes: 49 additions & 0 deletions test/urls.js
Original file line number Diff line number Diff line change
Expand Up @@ -2033,6 +2033,55 @@ var urls = [{
idn: false,
punycode: false
}
}, {
name: 'backslashes authority, no ending slash',
url: 'https://attacker.com\\@example.com',
_url: 'https://attacker.com/@example.com',
parts: {
protocol: 'https',
username: null,
password: null,
hostname: 'attacker.com',
port: null,
path: '/@example.com',
query: null,
fragment: null
},
accessors: {
protocol: 'https',
username: '',
password: '',
port: '',
path: '/@example.com',
query: '',
fragment: '',
resource: '/@example.com',
authority: 'attacker.com',
origin: 'https://attacker.com',
userinfo: '',
subdomain: '',
domain: 'attacker.com',
tld: 'com',
directory: '/',
filename: '@example.com',
suffix: 'com',
hash: '',
search: '',
host: 'attacker.com',
hostname: 'attacker.com'
},
is: {
urn: false,
url: true,
relative: false,
name: true,
sld: false,
ip: false,
ip4: false,
ip6: false,
idn: false,
punycode: false
}
}
];

0 comments on commit b02bf03

Please sign in to comment.