New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does protocol casing affect the URL parsing? #32

Open

armanm opened this issue Feb 14, 2017 · 1 comment

Assignees

armanm commented Feb 14, 2017

I don't know enough about URL parsing to know if this is the correct behaviour but here is a test case:

const URL = require('url')

URL.parse('javascript:ALERT(DOCUMENT.DOMAIN)').href
// => 'javascript:ALERT(DOCUMENT.DOMAIN)'

URL.parse('JAVASCRIPT:ALERT(DOCUMENT.DOMAIN)').href
// => 'javascript:alert/(DOCUMENT.DOMAIN)'

As you can see in the latter example when protocol is specified in upper case, the href ends up partly lowercased and with an extra slash.

Could someone explain if this is a bug or a correct behaviour?

Collaborator

ljharb commented Jan 27, 2021

In node 6+, i get 'javascript:ALERT(DOCUMENT.DOMAIN)' in both examples. In this module and node < 6, I get the behavior you report.

In other words, this is correct for older node versions, but is incorrect for later ones, so we'll fix this as part of updating the implementation.

ljharb self-assigned this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment