Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

url: origin of "blob:" URL containing inner non-"http(s):" URL #48168

Closed
wants to merge 2 commits into from
Closed

url: origin of "blob:" URL containing inner non-"http(s):" URL #48168

wants to merge 2 commits into from

Conversation

hemanth
Copy link
Contributor

@hemanth hemanth commented May 25, 2023
edited
Loading

Fixes #48157 ?

P.S: Will write tests, if this makes sense.

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/url

@nodejs-github-bot nodejs-github-bot added needs-ci PRs that need a full CI run. whatwg-url Issues and PRs related to the WHATWG URL implementation. labels May 25, 2023
anonrig
anonrig reviewed May 25, 2023
View reviewed changes
Copy link
Member

@anonrig anonrig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need to also update WPT using git node wpt url in the root of the Node.js repository, and include them in the same commit, since this is a breaking change.

More information can be found from: https://github.com/nodejs/node-core-utils/blob/main/docs/git-node.md#example-3

lib/internal/url.js
@@ -840,6 +840,9 @@ class URL {
if (path.length > 0) {
try {
const out = new URL(path);
if(out.protocol !== 'https:') {
return 'null';
}
Copy link
Member

@anonrig anonrig May 25, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The standard says that

If pathURL’s scheme is not "http" and not "https", then return a new opaque origin.

For performance reasons, we avoid having string comparisons and calling getters which runs a string.prototype.slice. We can however use scheme_type numeric value.

If you look into the declaration of scheme_type variable in lib/internal/url.js, you can find the following comment:

  /**
   * Refers to `ada::scheme::type`
   *
   * enum type : uint8_t {
   *   HTTP = 0,
   *   NOT_SPECIAL = 1,
   *   HTTPS = 2,
   *   WS = 3,
   *   FTP = 4,
   *   WSS = 5,
   *   FILE = 6
   * };
   * @type {number}
   */

For this particular case: we need to change line 846 to:

if (out.#context.scheme_type === 0 || out.#context.scheme_type === 2)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, thank you. I did notice out.#context.scheme_type !== 1 but didn't pay attention to the comment.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@anonrig commit looks better, now?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can this enum be exported to js in some way? would be good to not just have magic numbers floating around

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At the very least, please add a comment indicating where the numbers come from

@hemanth
Copy link
Contributor Author

hemanth commented May 26, 2023

@anonrig Currently, my official machine has some restrictions due to VPN:

❯ npm install -g node-core-utils
npm ERR! code E403
npm ERR! 403 403 Forbidden - GET https://registry.npmjs.org/node-core-utils
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

Ran out of my codespace, personal machine is broken. Stuck!

@hemanth
Copy link
Contributor Author

hemanth commented May 26, 2023

Looks like something is broken in my local:

image

anonrig
anonrig reviewed May 26, 2023
View reviewed changes
lib/internal/url.js Outdated Show resolved Hide resolved
@hemanth
Copy link
Contributor Author

hemanth commented Jun 11, 2023

@anonrig should we close this on behalf of #48319 ?

@anonrig
Copy link
Member

anonrig commented Jun 11, 2023

@anonrig should we close this on behalf of #48319 ?

Yes. Thank you for your contribution.

@anonrig anonrig closed this Jun 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devsnek devsnek devsnek left review comments

@anonrig anonrig anonrig left review comments

@jasnell jasnell jasnell left review comments

Assignees
No one assigned
Labels
needs-ci PRs that need a full CI run. whatwg-url Issues and PRs related to the WHATWG URL implementation.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Return opaque origin for blob: URL containing inner non-http(s): URL
5 participants
@hemanth @nodejs-github-bot @anonrig @jasnell @devsnek