@braintree/sanitize-url - npm Package Compare versions

Comparing version 5.0.0 to 5.0.1

CHANGELOG.md

@@ -0,3 +1,9 @@
+# 5.0.1
+
+- Fix issue where certain safe characters were being filtered out (#31 thanks @akirchmyer)
+
 # 5.0.0
 
+_Breaking Changes_
+
 - Sanitize vbscript urls (thanks @vicnicius)
@@ -4,0 +10,0 @@

dist/index.js

@@ -5,3 +5,3 @@ "use strict";
 var invalidProtocolRegex = /^(%20|\s)*(javascript|data|vbscript)/im;
-var ctrlCharactersRegex = /[^\x20-\x7EÀ-ž]/gim;
+var ctrlCharactersRegex = /[\u0000-\u001F\u007F-\u009F]/gim;
 var urlSchemeRegex = /^([^:]+):/gm;
@@ -8,0 +8,0 @@ var relativeFirstCharacters = [".", "/"];

package.json

 {
   "name": "@braintree/sanitize-url",
-  "version": "5.0.0",
+  "version": "5.0.1",
   "description": "A url sanitizer",
@@ -27,10 +27,10 @@ "main": "dist/index.js",
   "devDependencies": {
-    "@types/jest": "^26.0.13",
+    "@types/jest": "^26.0.19",
     "chai": "^4.1.0",
-    "eslint": "^7.8.1",
+    "eslint": "^7.17.0",
     "eslint-config-braintree": "^5.0.0-typescript-prep-rc.18",
-    "jest": "^26.4.2",
-    "prettier": "^2.1.1",
-    "ts-jest": "^26.3.0",
-    "typescript": "^3.9.7"
+    "jest": "^26.6.3",
+    "prettier": "^2.2.1",
+    "ts-jest": "^26.4.4",
+    "typescript": "^4.1.3"
   },
@@ -37,0 +37,0 @@ "jest": {

src/__tests__/test.ts

@@ -171,2 +171,14 @@ /* eslint-disable no-script-url */
 
+  it("does not strip harmless unicode characters", () => {
+    expect(sanitizeUrl("www.example.com/лот.рфшишкиü–")).toBe(
+      "www.example.com/лот.рфшишкиü–"
+    );
+  });
+
+  it("should strip out control chars", () => {
+    expect(sanitizeUrl("www.example.com/\u0000\u001F\x00\x1F")).toBe(
+      "www.example.com/"
+    );
+  });
+
   it("replaces blank urls with about:blank", () => {
@@ -173,0 +185,0 @@ expect(sanitizeUrl("")).toBe("about:blank");

src/index.ts

 const invalidProtocolRegex = /^(%20|\s)*(javascript|data|vbscript)/im;
-const ctrlCharactersRegex = /[^\x20-\x7EÀ-ž]/gim;
+const ctrlCharactersRegex = /[\u0000-\u001F\u007F-\u009F]/gim;
 const urlSchemeRegex = /^([^:]+):/gm;
@@ -4,0 +4,0 @@ const relativeFirstCharacters = [".", "/"];

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

12372

increased by0.27%

Number of package files

16

increased by6.67%

Lines of code

237

increased by4.41%

No dependency changes