diff options
author | Matteo Collina <hello@matteocollina.com> | 2018-09-10 12:57:07 +0200 |
---|---|---|
committer | Rod Vagg <rod@vagg.org> | 2018-11-28 11:36:34 +1100 |
commit | b77f699a84219702ccef6387882c0fdcb58529bb (patch) | |
tree | 184b40b30b832b5caf6fd28219144f1167b13b59 /lib/url.js | |
parent | ee618a7ab239c98d945c723a4e225bc409151736 (diff) | |
download | android-node-v8-b77f699a84219702ccef6387882c0fdcb58529bb.tar.gz android-node-v8-b77f699a84219702ccef6387882c0fdcb58529bb.tar.bz2 android-node-v8-b77f699a84219702ccef6387882c0fdcb58529bb.zip |
url: avoid hostname spoofing w/ javascript protocol
CVE-2018-12123
Fixes: https://github.com/nodejs-private/security/issues/205
PR-URL: https://github.com/nodejs-private/node-private/pull/145
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'lib/url.js')
-rw-r--r-- | lib/url.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/url.js b/lib/url.js index db7369fed0..dfdb565cec 100644 --- a/lib/url.js +++ b/lib/url.js @@ -267,13 +267,13 @@ Url.prototype.parse = function parse(url, parseQueryString, slashesDenoteHost) { if (slashesDenoteHost || proto || hostPattern.test(rest)) { var slashes = rest.charCodeAt(0) === CHAR_FORWARD_SLASH && rest.charCodeAt(1) === CHAR_FORWARD_SLASH; - if (slashes && !(proto && hostlessProtocol[proto])) { + if (slashes && !(proto && hostlessProtocol[lowerProto])) { rest = rest.slice(2); this.slashes = true; } } - if (!hostlessProtocol[proto] && + if (!hostlessProtocol[lowerProto] && (slashes || (proto && !slashedProtocol[proto]))) { // there's a hostname. |