Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v14.x backport] lib: fix regular expression to detect / and \ #40564

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/internal/modules/esm/resolve.js
Original file line number Diff line number Diff line change
Expand Up @@ -278,7 +278,7 @@ function resolveDirectoryEntry(search) {
return resolveExtensions(new URL('index', search));
}

const encodedSepRegEx = /%2F|%2C/i;
const encodedSepRegEx = /%2F|%5C/i;
function finalizeResolution(resolved, base) {
if (RegExpPrototypeTest(encodedSepRegEx, resolved.pathname))
throw new ERR_INVALID_MODULE_SPECIFIER(
Expand Down
3 changes: 3 additions & 0 deletions test/es-module/test-esm-encoded-path.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,8 @@ import '../common/index.mjs';
import assert from 'assert';
// ./test-esm-ok.mjs
import ok from '../fixtures/es-modules/test-%65%73%6d-ok.mjs';
// ./test-esm-comma,.mjs
import comma from '../fixtures/es-modules/test-esm-comma%2c.mjs';

assert(ok);
assert(comma);
5 changes: 4 additions & 1 deletion test/es-module/test-esm-exports.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -176,10 +176,13 @@ import fromInside from '../fixtures/node_modules/pkgexports/lib/hole.js';
}));
}

// The use of %2F escapes in paths fails loading
// The use of %2F and %5C escapes in paths fails loading
loadFixture('pkgexports/sub/..%2F..%2Fbar.js').catch(mustCall((err) => {
strictEqual(err.code, 'ERR_INVALID_MODULE_SPECIFIER');
}));
loadFixture('pkgexports/sub/..%5C..%5Cbar.js').catch(mustCall((err) => {
strictEqual(err.code, 'ERR_INVALID_MODULE_SPECIFIER');
}));

// Package export with numeric index properties must throw a validation error
loadFixture('pkgexports-numeric').catch(mustCall((err) => {
Expand Down
6 changes: 4 additions & 2 deletions test/es-module/test-esm-imports.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -55,13 +55,15 @@ const { requireImport, importImport } = importer;
// Backtracking below the package base
['#subpath/sub/../../../belowbase', 'request is not a valid subpath'],
// Percent-encoded slash errors
['#external/subpath/x%2Fy', 'must not include encoded "/"'],
['#external/subpath/x%2Fy', 'must not include encoded "/" or "\\"'],
['#external/subpath/x%5Cy', 'must not include encoded "/" or "\\"'],
// Target must have a name
['#', '#'],
// Initial slash target must have a leading name
['#/initialslash', '#/initialslash'],
// Percent-encoded target paths
['#percent', 'must not include encoded "/"'],
['#encodedslash', 'must not include encoded "/" or "\\"'],
['#encodedbackslash', 'must not include encoded "/" or "\\"'],
]);

for (const [specifier, expected] of invalidImportSpecifiers) {
Expand Down
4 changes: 4 additions & 0 deletions test/es-module/test-esm-pkgname.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ importFixture('as%2Ff').catch(mustCall((err) => {
strictEqual(err.code, 'ERR_INVALID_MODULE_SPECIFIER');
}));

importFixture('as%5Cf').catch(mustCall((err) => {
strictEqual(err.code, 'ERR_INVALID_MODULE_SPECIFIER');
}));

importFixture('as\\df').catch(mustCall((err) => {
strictEqual(err.code, 'ERR_INVALID_MODULE_SPECIFIER');
}));
Expand Down
3 changes: 2 additions & 1 deletion test/fixtures/es-modules/pkgimports/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
"#": "./test.js",
"#/initialslash": "./test.js",
"#notfound": "./notfound.js",
"#percent": "./..%2F/x.js"
"#encodedslash": "./..%2F/x.js",
"#encodedbackslash": "./..%5C/x.js"
}
}
1 change: 1 addition & 0 deletions test/fixtures/es-modules/test-esm-comma,.mjs
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
export default ',';