MIME type overmatch in data URLs #48957
Comments
|
Good catch. FYI if you paste a "Permalink URL", it will show the line(s) of code: node/lib/internal/modules/esm/formats.js Line 29 in fe514bf Would you like to send a PR to fix this? |
aduh95
added
confirmed-bug
|
No thanks, I won't be able to get to this. |
|
@aduh95 i will be happy to help with this bug |
I would be glad helping with this, too. Feel free to reach me if you want to. |
|
I started working on it, but I'm figuring out that the MIME type may be wrong overall. The current regexp also allow As https://datatracker.ietf.org/doc/html/rfc9239 stands that |
|
As the previous PR got closed and it seems that nobody is currently working on this issue I would like to submit a PR :) Edit: The change is pretty simple, I'm now creating a test case. |
This commit adds the delimiters ^ and $ to the regex that matches the data MIME types. Fixes: nodejs#48957
This commit adds the delimiters ^ and $ to the regex that matches the MIME types for "data:URLs". Fixes: nodejs#48957
This commit adds the delimiters ^ and $ to the regex that matches the MIME types for "data:URLs". Fixes: nodejs#48957
This commit adds the delimiters ^ and $ to the regex that matches the MIME types for "data:URLs". Fixes: nodejs#48957
This commit adds the delimiters ^ and $ to the regex that matches the MIME types for "data:URLs". Fixes: nodejs#48957
This commit adds the delimiters ^ and $ to the regex that matches the MIME types for `data:` URLs. PR-URL: nodejs#49104 Fixes: nodejs#48957 Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This commit adds the delimiters ^ and $ to the regex that matches the MIME types for `data:` URLs. PR-URL: nodejs#49104 Fixes: nodejs#48957 Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This commit adds the delimiters ^ and $ to the regex that matches the MIME types for `data:` URLs. PR-URL: nodejs#49104 Fixes: nodejs#48957 Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This commit adds the delimiters ^ and $ to the regex that matches the MIME types for `data:` URLs. PR-URL: nodejs/node#49104 Fixes: nodejs/node#48957 Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This commit adds the delimiters ^ and $ to the regex that matches the MIME types for `data:` URLs. PR-URL: nodejs/node#49104 Fixes: nodejs/node#48957 Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Version
v20.5.0
Platform
Linux host 5.19.0-45-generic #46-Ubuntu SMP PREEMPT_DYNAMIC Wed Jun 7 09:08:58 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Subsystem
modules
What steps will reproduce the bug?
Execute this command.
node --input-type=module --eval 'import "data:ONCEUPONAtext/javascriptTHEREWASASNEAKYMODULE,console.log(\"EVALUATED\")"'The incorrectly typed inline module is evaluated. The string is logged to the console.
How often does it reproduce? Is there a required condition?
Consistently.
What is the expected behavior? Why is that the expected behavior?
An incorrect MIME type is forbidden.
What do you see instead?
The module is evaluated.
Additional information
formats.jshas a regex matching the MIME type./\s*(text|application)\/javascript\s*(;\s*charset=utf-?8\s*)?/iThis will match any MIME type that contains
(text|application)/javascriptanywhere. It maybe needs start and end anchors.The text was updated successfully, but these errors were encountered: