Skip to content

Commit

Permalink
url: add pending-deprecation to url.parse()
Browse files Browse the repository at this point in the history
PR-URL: #47203
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
  • Loading branch information
anonrig authored and danielleadams committed Jul 6, 2023
1 parent 9cbf897 commit 7fb1980
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 1 deletion.
5 changes: 4 additions & 1 deletion doc/api/deprecations.md
Original file line number Diff line number Diff line change
Expand Up @@ -3271,13 +3271,16 @@ Node-API callbacks.

<!-- YAML
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/47203
description: Added support for `--pending-deprecation`.
- version:
- v18.13.0
pr-url: https://github.com/nodejs/node/pull/44919
description: Documentation-only deprecation.
-->

Type: Documentation-only
Type: Documentation-only (supports [`--pending-deprecation`][])

[`url.parse()`][] behavior is not standardized and prone to errors that
have security implications. Use the [WHATWG URL API][] instead. CVEs are not
Expand Down
15 changes: 15 additions & 0 deletions lib/url.js
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,8 @@ const {
formatUrl,
} = internalBinding('url');

const { getOptionValue } = require('internal/options');

// Original url.parse() API

function Url() {
Expand Down Expand Up @@ -147,7 +149,20 @@ const {
CHAR_COLON,
} = require('internal/constants');

let urlParseWarned = false;

function urlParse(url, parseQueryString, slashesDenoteHost) {
if (!urlParseWarned && getOptionValue('--pending-deprecation')) {
urlParseWarned = true;
process.emitWarning(
'`url.parse()` behavior is not standardized and prone to ' +
'errors that have security implications. Use the WHATWG URL API ' +
'instead. CVEs are not issued for `url.parse()` vulnerabilities.',
'DeprecationWarning',
'DEP0169',
);
}

if (url instanceof Url) return url;

const urlObject = new Url();
Expand Down

0 comments on commit 7fb1980

Please sign in to comment.