fix(parse): handle excessive colons in scheme delimiter

rodneyrehm · rodneyrehm · commit a8166fe02f3a · 2022-03-05T16:12:39.000+01:00
reported by @huydoppa via huntr.dev
diff --git a/src/URI.js b/src/URI.js
@@ -517,7 +517,7 @@
     }
 
     // slashes and backslashes have lost all meaning for the web protocols (https, http, wss, ws)
-    string = string.replace(/^(https?|ftp|wss?)?:[/\\]*/i, '$1://');
+    string = string.replace(/^(https?|ftp|wss?)?:+[/\\]*/i, '$1://');
 
     // extract protocol
     if (string.substring(0, 2) === '//') {
diff --git a/test/urls.js b/test/urls.js
@@ -2620,6 +2620,104 @@ var urls = [{
         idn: false,
         punycode: false
       }
+    }, {
+      name: 'excessive colon in protocol delimiter',
+      url: 'http:://www.example.org:8080/hello:world',
+      _url: 'http://www.example.org:8080/hello:world',
+      parts: {
+        protocol: 'http',
+        username: null,
+        password: null,
+        hostname: 'www.example.org',
+        port: '8080',
+        path: '/hello:world',
+        query: null,
+        fragment: null
+      },
+      accessors: {
+        protocol: 'http',
+        username: '',
+        password: '',
+        port: '8080',
+        path: '/hello:world',
+        query: '',
+        fragment: '',
+        resource: '/hello:world',
+        authority: 'www.example.org:8080',
+        origin: 'http://www.example.org:8080',
+        userinfo: '',
+        subdomain: 'www',
+        domain: 'example.org',
+        tld: 'org',
+        directory: '/',
+        filename: 'hello:world',
+        suffix: '',
+        hash: '', // location.hash style
+        search: '', // location.search style
+        host: 'www.example.org:8080',
+        hostname: 'www.example.org'
+      },
+      is: {
+        urn: false,
+        url: true,
+        relative: false,
+        name: true,
+        sld: false,
+        ip: false,
+        ip4: false,
+        ip6: false,
+        idn: false,
+        punycode: false
+      }
+    }, {
+      name: 'excessive colon in protocol delimiter backslashes',
+      url: 'http::\\\\www.example.org:8080/hello:world',
+      _url: 'http://www.example.org:8080/hello:world',
+      parts: {
+        protocol: 'http',
+        username: null,
+        password: null,
+        hostname: 'www.example.org',
+        port: '8080',
+        path: '/hello:world',
+        query: null,
+        fragment: null
+      },
+      accessors: {
+        protocol: 'http',
+        username: '',
+        password: '',
+        port: '8080',
+        path: '/hello:world',
+        query: '',
+        fragment: '',
+        resource: '/hello:world',
+        authority: 'www.example.org:8080',
+        origin: 'http://www.example.org:8080',
+        userinfo: '',
+        subdomain: 'www',
+        domain: 'example.org',
+        tld: 'org',
+        directory: '/',
+        filename: 'hello:world',
+        suffix: '',
+        hash: '', // location.hash style
+        search: '', // location.search style
+        host: 'www.example.org:8080',
+        hostname: 'www.example.org'
+      },
+      is: {
+        urn: false,
+        url: true,
+        relative: false,
+        name: true,
+        sld: false,
+        ip: false,
+        ip4: false,
+        ip6: false,
+        idn: false,
+        punycode: false
+      }
     }
 ];
 

Original file line number	Diff line number	Diff line change
`@@ -517,7 +517,7 @@`
`517`	`517`	`}`
`518`	`518`
`519`	`519`	`// slashes and backslashes have lost all meaning for the web protocols (https, http, wss, ws)`
`520`		`- string = string.replace(/^(https?\|ftp\|wss?)?:[/\\]*/i, '$1://');`
	`520`	`+ string = string.replace(/^(https?\|ftp\|wss?)?:+[/\\]*/i, '$1://');`
`521`	`521`
`522`	`522`	`// extract protocol`
`523`	`523`	`if (string.substring(0, 2) === '//') {`