Skip to content

Commit

Permalink
errors: removed input from ERR_INVALID_URL message
Browse files Browse the repository at this point in the history
Avoid potentially huge messages and leaked secrets.
  • Loading branch information
moander committed May 12, 2021
1 parent 7c8a608 commit 53298f8
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 10 deletions.
3 changes: 2 additions & 1 deletion lib/internal/errors.js
Original file line number Diff line number Diff line change
Expand Up @@ -1265,7 +1265,8 @@ E('ERR_INVALID_TUPLE', '%s must be an iterable %s tuple', TypeError);
E('ERR_INVALID_URI', 'URI malformed', URIError);
E('ERR_INVALID_URL', function(input) {
this.input = input;
return `Invalid URL: ${input}`;
// Don't include URL in message (see #38614)
return 'Invalid URL';
}, TypeError);
E('ERR_INVALID_URL_SCHEME',
(expected) => {
Expand Down
12 changes: 8 additions & 4 deletions test/es-module/test-esm-loader-invalid-url.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,12 @@ import { expectsError, mustCall } from '../common/index.mjs';
import assert from 'assert';

import('../fixtures/es-modules/test-esm-ok.mjs')
.then(assert.fail, expectsError({
code: 'ERR_INVALID_URL',
message: 'Invalid URL: ../fixtures/es-modules/test-esm-ok.mjs'
}))
.then(assert.fail, (error) => {
expectsError({
code: 'ERR_INVALID_URL',
message: 'Invalid URL'
})(error);

assert.strictEqual(error.input, '../fixtures/es-modules/test-esm-ok.mjs');
})
.then(mustCall());
8 changes: 3 additions & 5 deletions test/parallel/test-whatwg-url-custom-parsing.js
Original file line number Diff line number Diff line change
Expand Up @@ -55,11 +55,9 @@ for (const test of failureTests) {
() => new URL(test.input, test.base),
(error) => {
assert.throws(() => { throw error; }, expectedError);

// The input could be processed, so we don't do strict matching here
let match;
assert(match = (`${error}`).match(/Invalid URL: (.*)$/));
assert.strictEqual(error.input, match[1]);
assert.strictEqual(`${error}`, 'TypeError [ERR_INVALID_URL]: Invalid URL');
assert.strictEqual(error.message, 'Invalid URL');
assert.strictEqual(error.input, test.input);
return true;
});
}
Expand Down

0 comments on commit 53298f8

Please sign in to comment.