Merge pull request #233 from RCanine/backslashes

security(parse-url) Handle backslashes like Node.js and Chrome
medialize · Jul 24, 2015 · 5271f4e · 5271f4e
2 parents c51da7e + 8e13c11
commit 5271f4e
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/src/URI.js b/src/URI.js
@@ -483,6 +483,12 @@
       string = string.substring(0, pos);
     }
 
+    // Copy chrome, IE, opera backslash-handling behavior.
+    // Back slashes before the query string get converted to forward slashes
+    // See: https://github.com/joyent/node/blob/master/lib/url.js
+    // See: https://code.google.com/p/chromium/issues/detail?id=25916
+    string = string.replace(/\\/g, '/');
+
     // extract protocol
     if (string.substring(0, 2) === '//') {
       // relative-scheme

diff --git a/test/urls.js b/test/urls.js
@@ -1752,6 +1752,54 @@ var urls = [{
         idn: false,
         punycode: false
       }
+    }, {
+      name: 'backslashes',
+      url: 'http://i.xss.com\\www.example.org/some/directory/file.html?query=string#fragment',
+      _url: 'http://i.xss.com/www.example.org/some/directory/file.html?query=string#fragment',
+      parts: {
+        protocol: 'http',
+        username: null,
+        password: null,
+        hostname: 'i.xss.com',
+        port: null,
+        path: '/www.example.org/some/directory/file.html',
+        query: 'query=string',
+        fragment: 'fragment'
+      },
+      accessors: {
+        protocol: 'http',
+        username: '',
+        password: '',
+        port: '',
+        path: '/www.example.org/some/directory/file.html',
+        query: 'query=string',
+        fragment: 'fragment',
+        resource: '/www.example.org/some/directory/file.html?query=string#fragment',
+        authority: 'i.xss.com',
+        userinfo: '',
+        subdomain: 'i',
+        domain: 'xss.com',
+        tld: 'com',
+        directory: '/www.example.org/some/directory',
+        filename: 'file.html',
+        suffix: 'html',
+        hash: '#fragment',
+        search: '?query=string',
+        host: 'i.xss.com',
+        hostname: 'i.xss.com'
+      },
+      is: {
+        urn: false,
+        url: true,
+        relative: false,
+        name: true,
+        sld: false,
+        ip: false,
+        ip4: false,
+        ip6: false,
+        idn: false,
+        punycode: false
+      }
     }
 ];