From 2333e4c15b16c34817387381fa89704923ee5094 Mon Sep 17 00:00:00 2001
From: Cyril Lakech <cyril.lakech@axa.fr>
Date: Wed, 30 Aug 2017 10:53:52 +0200
Subject: [PATCH 1/2] url: remove unused code from autoEscapeStr

---
 lib/url.js | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/lib/url.js b/lib/url.js
index f48ad0851235b2..615a6dee43a99d 100644
--- a/lib/url.js
+++ b/lib/url.js
@@ -360,9 +360,7 @@ Url.prototype.parse = function parse(url, parseQueryString, slashesDenoteHost) {
     // First, make 100% sure that any "autoEscape" chars get
     // escaped, even if encodeURIComponent doesn't think they
     // need to be.
-    const result = autoEscapeStr(rest);
-    if (result !== undefined)
-      rest = result;
+    rest = autoEscapeStr(rest);
   }
 
   var questionIdx = -1;
@@ -443,8 +441,7 @@ function validateHostname(self, rest, hostname) {
 
 // Automatically escape all delimiters and unwise characters from RFC 2396.
 // Also escape single quotes in case of an XSS attack.
-// Return undefined if the string doesn't need escaping,
-// otherwise return the escaped string.
+// Return the escaped string.
 function autoEscapeStr(rest) {
   var escaped = '';
   var lastEscapedPos = 0;
@@ -539,13 +536,11 @@ function autoEscapeStr(rest) {
         break;
     }
   }
-  if (lastEscapedPos === 0)  // Nothing has been escaped.
-    return;
   // There are ordinary characters at the end.
   if (lastEscapedPos < rest.length)
-    return escaped + rest.slice(lastEscapedPos);
-  else  // The last character is escaped.
-    return escaped;
+    escaped += rest.slice(lastEscapedPos);
+
+  return escaped;
 }
 
 // format a parsed object into a url string

From 5eeedc806e5082dfe7fc40dd77781fefc991eda0 Mon Sep 17 00:00:00 2001
From: Cyril Lakech <cyril.lakech@axa.fr>
Date: Thu, 31 Aug 2017 10:30:37 +0200
Subject: [PATCH 2/2] fixup! url: remove unused code from autoEscapeStr

---
 lib/url.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/url.js b/lib/url.js
index 615a6dee43a99d..887f5c29ce5a68 100644
--- a/lib/url.js
+++ b/lib/url.js
@@ -536,6 +536,9 @@ function autoEscapeStr(rest) {
         break;
     }
   }
+  if (lastEscapedPos === 0)  // Nothing has been escaped.
+    return rest;
+
   // There are ordinary characters at the end.
   if (lastEscapedPos < rest.length)
     escaped += rest.slice(lastEscapedPos);