File tree 2 files changed +53
-2
lines changed
2 files changed +53
-2
lines changed Original file line number Diff line number Diff line change 612612 } ;
613613 URI . parseUserinfo = function ( string , parts ) {
614614 // extract username:password
615+ var firstBackSlash = string . indexOf ( '\\' ) ;
615616 var firstSlash = string . indexOf ( '/' ) ;
617+ var slash = firstBackSlash === - 1 ? firstSlash : ( firstSlash !== - 1 ? Math . min ( firstBackSlash , firstSlash ) : firstSlash )
616618 var pos = string . lastIndexOf ( '@' , firstSlash > - 1 ? firstSlash : string . length - 1 ) ;
617619 var t ;
618620
619- // authority@ must come before /path
620- if ( pos > - 1 && ( firstSlash === - 1 || pos < firstSlash ) ) {
621+ // authority@ must come before /path or \path
622+ if ( pos > - 1 && ( slash === - 1 || pos < slash ) ) {
621623 t = string . substring ( 0 , pos ) . split ( ':' ) ;
622624 parts . username = t [ 0 ] ? URI . decode ( t [ 0 ] ) : null ;
623625 t . shift ( ) ;
Original file line number Diff line number Diff line change @@ -1984,6 +1984,55 @@ var urls = [{
19841984 idn : false ,
19851985 punycode : false
19861986 }
1987+ } , {
1988+ name : 'backslashes authority' ,
1989+ url : 'https://attacker.com\\@example.com/some/directory/file.html?query=string#fragment' ,
1990+ _url : 'https://attacker.com/@example.com/some/directory/file.html?query=string#fragment' ,
1991+ parts : {
1992+ protocol : 'https' ,
1993+ username : null ,
1994+ password : null ,
1995+ hostname : 'attacker.com' ,
1996+ port : null ,
1997+ path : '/@example.com/some/directory/file.html' ,
1998+ query : 'query=string' ,
1999+ fragment : 'fragment'
2000+ } ,
2001+ accessors : {
2002+ protocol : 'https' ,
2003+ username : '' ,
2004+ password : '' ,
2005+ port : '' ,
2006+ path : '/@example.com/some/directory/file.html' ,
2007+ query : 'query=string' ,
2008+ fragment : 'fragment' ,
2009+ resource : '/@example.com/some/directory/file.html?query=string#fragment' ,
2010+ authority : 'attacker.com' ,
2011+ origin : 'https://attacker.com' ,
2012+ userinfo : '' ,
2013+ subdomain : '' ,
2014+ domain : 'attacker.com' ,
2015+ tld : 'com' ,
2016+ directory : '/@example.com/some/directory' ,
2017+ filename : 'file.html' ,
2018+ suffix : 'html' ,
2019+ hash : '#fragment' ,
2020+ search : '?query=string' ,
2021+ host : 'attacker.com' ,
2022+ hostname : 'attacker.com'
2023+ } ,
2024+ is : {
2025+ urn : false ,
2026+ url : true ,
2027+ relative : false ,
2028+ name : true ,
2029+ sld : false ,
2030+ ip : false ,
2031+ ip4 : false ,
2032+ ip6 : false ,
2033+ idn : false ,
2034+ punycode : false
2035+ }
19872036 }
19882037] ;
19892038
You can’t perform that action at this time.
0 commit comments