@braintree/sanitize-url
Comparing version 2.0.2 to 2.1.0
CHANGELOG | ||
========= | ||
## 2.1.0 | ||
* Allow relative urls to be sanitized | ||
## 2.0.2 | ||
@@ -5,0 +8,0 @@ * Sanitize malicious URLs that begin with `\s` |
14
index.js
@@ -6,7 +6,17 @@ 'use strict'; | ||
var urlSchemeRegex = /^([^:]+):/gm; | ||
var relativeFirstCharacters = ['.', '/'] | ||
function isRelativeUrl(url) { | ||
return relativeFirstCharacters.indexOf(url[0]) > -1; | ||
} | ||
function sanitizeUrl(url) { | ||
var urlScheme; | ||
var urlScheme, urlSchemeParseResults; | ||
var sanitizedUrl = url.replace(ctrlCharactersRegex, ''); | ||
var urlSchemeParseResults = sanitizedUrl.match(urlSchemeRegex); | ||
if (isRelativeUrl(sanitizedUrl)) { | ||
return sanitizedUrl; | ||
} | ||
urlSchemeParseResults = sanitizedUrl.match(urlSchemeRegex); | ||
@@ -13,0 +23,0 @@ if (!urlSchemeParseResults) { |
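Review bot: `isRelativeUrl` also matches network-path references such as `//host/path`, because their first character is `/`, and the new early return in `sanitizeUrl` hands them back unchanged, so the result can still resolve to a different origin. That fits a scheme filter, but a caller who treats the return value as safe for redirects would not learn this from the code. I would document it on the helper, e.g. `// Matches "./x", "/x" and "//host/x"; only the scheme is filtered here, the destination host is not validated.` The declaration `var relativeFirstCharacters = ['.', '/']` is also missing its terminating semicolon. The body of `sanitizeUrl` continues outside the hunk.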
{ | ||
"name": "@braintree/sanitize-url", | ||
"version": "2.0.2", | ||
"version": "2.1.0", | ||
"description": "A url sanitizer", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -67,2 +67,14 @@ 'use strict'; | ||
it('does not alter relative-path reference URLs', function () { | ||
expect(sanitizeUrl('./path/to/my.json')).to.equal('./path/to/my.json'); | ||
}); | ||
it('does not alter absolute-path reference URLs', function () { | ||
expect(sanitizeUrl('/path/to/my.json')).to.equal('/path/to/my.json'); | ||
}); | ||
it('does not alter network-path relative URLs', function () { | ||
expect(sanitizeUrl('//google.com/robots.txt')).to.equal('//google.com/robots.txt'); | ||
}); | ||
it('does not alter deep-link urls', function () { | ||
@@ -69,0 +81,0 @@ expect(sanitizeUrl('com.braintreepayments.demo://example')).to.equal('com.braintreepayments.demo://example'); |
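Review bot: The three added cases only cover inputs that contain no colon, so they do not pin the one behaviour the early return newly guarantees: a relative reference is never handed to the scheme regex. I would add a case with a colon inside a relative path, e.g. `expect(sanitizeUrl('./a:b')).to.equal('./a:b');`. A second case with a control character in front of the leading `/` would fix the order of stripping and the relative check. Its expected value depends on `ctrlCharactersRegex`, which is not visible here.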