fix(parse): treat backslash as forwardslash in authority

medialize · Dec 20, 2020 · 4f45faf · 4f45faf
1 parent 594ffc1
commit 4f45faf
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 2 deletions.
diff --git a/src/URI.js b/src/URI.js
@@ -612,12 +612,14 @@
   };
   URI.parseUserinfo = function(string, parts) {
     // extract username:password
+    var firstBackSlash = string.indexOf('\\');
     var firstSlash = string.indexOf('/');
+    var slash = firstBackSlash === -1 ? firstSlash : (firstSlash !== -1 ? Math.min(firstBackSlash, firstSlash): firstSlash)
     var pos = string.lastIndexOf('@', firstSlash > -1 ? firstSlash : string.length - 1);
     var t;
 
-    // authority@ must come before /path
-    if (pos > -1 && (firstSlash === -1 || pos < firstSlash)) {
+    // authority@ must come before /path or \path
+    if (pos > -1 && (slash === -1 || pos < slash)) {
       t = string.substring(0, pos).split(':');
       parts.username = t[0] ? URI.decode(t[0]) : null;
       t.shift();

diff --git a/test/urls.js b/test/urls.js
@@ -1984,6 +1984,55 @@ var urls = [{
         idn: false,
         punycode: false
       }
+    }, {
+      name: 'backslashes authority',
+      url: 'https://attacker.com\\@example.com/some/directory/file.html?query=string#fragment',
+      _url: 'https://attacker.com/@example.com/some/directory/file.html?query=string#fragment',
+      parts: {
+        protocol: 'https',
+        username: null,
+        password: null,
+        hostname: 'attacker.com',
+        port: null,
+        path: '/@example.com/some/directory/file.html',
+        query: 'query=string',
+        fragment: 'fragment'
+      },
+      accessors: {
+        protocol: 'https',
+        username: '',
+        password: '',
+        port: '',
+        path: '/@example.com/some/directory/file.html',
+        query: 'query=string',
+        fragment: 'fragment',
+        resource: '/@example.com/some/directory/file.html?query=string#fragment',
+        authority: 'attacker.com',
+        origin: 'https://attacker.com',
+        userinfo: '',
+        subdomain: '',
+        domain: 'attacker.com',
+        tld: 'com',
+        directory: '/@example.com/some/directory',
+        filename: 'file.html',
+        suffix: 'html',
+        hash: '#fragment',
+        search: '?query=string',
+        host: 'attacker.com',
+        hostname: 'attacker.com'
+      },
+      is: {
+        urn: false,
+        url: true,
+        relative: false,
+        name: true,
+        sld: false,
+        ip: false,
+        ip4: false,
+        ip6: false,
+        idn: false,
+        punycode: false
+      }
     }
 ];