@livechat/url-utils
Advanced tools
Comparing version 0.1.3 to 0.1.4
@@ -21,3 +21,3 @@ 'use strict'; | ||
var hostnameRegexp = /(?:[^:]+:\/\/)?([^\/\s]+)/; | ||
var hostnameRegexp = /(?:[^:]+:\/\/)?([^/\s]+)/; | ||
function getHostname(url) { | ||
@@ -28,3 +28,3 @@ var hostnameMatch = url.match(hostnameRegexp); | ||
var originRegexp = /[^:]+:\/\/[^(\/|\?)\s]+/; | ||
var originRegexp = /[^:]+:\/\/[^(/|?)\s]+/; | ||
@@ -36,6 +36,6 @@ var getOrigin = function getOrigin(url) { | ||
var preSearchRegexp = /.*\?(.+)/; | ||
var searchRegexp = /.*?\?([^#]+)/; | ||
var getSearch = function getSearch(url) { | ||
var match = url.match(preSearchRegexp); | ||
var match = url.match(searchRegexp); | ||
return match ? "?" + match[1] : ''; | ||
@@ -57,3 +57,3 @@ }; | ||
var pathnameRegexp = /^(?:https?:)?\/\/[^\/]+\/([^?#]+)/; | ||
var pathnameRegexp = /^(?:https?:)?\/\/[^/]+\/([^?#]+)/; | ||
@@ -65,4 +65,24 @@ var getPathname = function getPathname(url) { | ||
var protocolRegexp = /^((http(s)?\:)?\/\/)/; | ||
// URL can contain leading C0 control or \u0020 SPACE, | ||
// and any newline or tab are filtered out as if they're not part of the URL. | ||
// https://url.spec.whatwg.org/#url-parsing | ||
// Tab or newline are defined as \r\n\t: | ||
// https://infra.spec.whatwg.org/#ascii-tab-or-newline | ||
// A C0 control is a code point in the range \u0000 NULL to \u001F | ||
// INFORMATION SEPARATOR ONE, inclusive: | ||
// https://infra.spec.whatwg.org/#c0-control-or-space | ||
var intersperseWithTabOrNewline = function intersperseWithTabOrNewline(str) { | ||
return str.replace(/\w/g, '$&[\\r\\n\\t]*'); | ||
}; | ||
var unsafeProtocol = new RegExp("^[\0-\x1F]*(" + intersperseWithTabOrNewline('javascript') + "|" + intersperseWithTabOrNewline('data') + "):", 'i'); // would be better to whitelist things | ||
// but people might paste in protocolless URLs | ||
// and we would filter them out | ||
var hasUnsafeProtocol = function hasUnsafeProtocol(url) { | ||
return unsafeProtocol.test(url); | ||
}; | ||
var protocolRegexp = /^((http(s)?:)?\/\/)/; | ||
var removeProtocol = function removeProtocol(url) { | ||
@@ -72,3 +92,3 @@ return url.replace(protocolRegexp, ''); | ||
var protocolRegexp$1 = /^((http(s)?\:)?\/\/)/; | ||
var protocolRegexp$1 = /^((http(s)?:)?\/\/)/; | ||
@@ -88,4 +108,5 @@ var getProtocol = function getProtocol(url) { | ||
exports.getSearch = getSearch; | ||
exports.hasUnsafeProtocol = hasUnsafeProtocol; | ||
exports.removeProtocol = removeProtocol; | ||
exports.trimSearch = trimSearch; | ||
exports.getProtocol = getProtocol; |
@@ -17,3 +17,3 @@ import { toPairs, fromPairs } from '@livechat/data-utils'; | ||
var hostnameRegexp = /(?:[^:]+:\/\/)?([^\/\s]+)/; | ||
var hostnameRegexp = /(?:[^:]+:\/\/)?([^/\s]+)/; | ||
function getHostname(url) { | ||
@@ -24,3 +24,3 @@ var hostnameMatch = url.match(hostnameRegexp); | ||
var originRegexp = /[^:]+:\/\/[^(\/|\?)\s]+/; | ||
var originRegexp = /[^:]+:\/\/[^(/|?)\s]+/; | ||
@@ -32,6 +32,6 @@ var getOrigin = function getOrigin(url) { | ||
var preSearchRegexp = /.*\?(.+)/; | ||
var searchRegexp = /.*?\?([^#]+)/; | ||
var getSearch = function getSearch(url) { | ||
var match = url.match(preSearchRegexp); | ||
var match = url.match(searchRegexp); | ||
return match ? "?" + match[1] : ''; | ||
@@ -53,3 +53,3 @@ }; | ||
var pathnameRegexp = /^(?:https?:)?\/\/[^\/]+\/([^?#]+)/; | ||
var pathnameRegexp = /^(?:https?:)?\/\/[^/]+\/([^?#]+)/; | ||
@@ -61,4 +61,24 @@ var getPathname = function getPathname(url) { | ||
var protocolRegexp = /^((http(s)?\:)?\/\/)/; | ||
// URL can contain leading C0 control or \u0020 SPACE, | ||
// and any newline or tab are filtered out as if they're not part of the URL. | ||
// https://url.spec.whatwg.org/#url-parsing | ||
// Tab or newline are defined as \r\n\t: | ||
// https://infra.spec.whatwg.org/#ascii-tab-or-newline | ||
// A C0 control is a code point in the range \u0000 NULL to \u001F | ||
// INFORMATION SEPARATOR ONE, inclusive: | ||
// https://infra.spec.whatwg.org/#c0-control-or-space | ||
var intersperseWithTabOrNewline = function intersperseWithTabOrNewline(str) { | ||
return str.replace(/\w/g, '$&[\\r\\n\\t]*'); | ||
}; | ||
var unsafeProtocol = new RegExp("^[\0-\x1F]*(" + intersperseWithTabOrNewline('javascript') + "|" + intersperseWithTabOrNewline('data') + "):", 'i'); // would be better to whitelist things | ||
// but people might paste in protocolless URLs | ||
// and we would filter them out | ||
var hasUnsafeProtocol = function hasUnsafeProtocol(url) { | ||
return unsafeProtocol.test(url); | ||
}; | ||
var protocolRegexp = /^((http(s)?:)?\/\/)/; | ||
var removeProtocol = function removeProtocol(url) { | ||
@@ -68,3 +88,3 @@ return url.replace(protocolRegexp, ''); | ||
var protocolRegexp$1 = /^((http(s)?\:)?\/\/)/; | ||
var protocolRegexp$1 = /^((http(s)?:)?\/\/)/; | ||
@@ -76,2 +96,2 @@ var getProtocol = function getProtocol(url) { | ||
export { buildQueryString, decodeQueryString, getHostname, getOrigin, getQueryParam, getQueryParams, getPathname, getSearch, removeProtocol, trimSearch, getProtocol }; | ||
export { buildQueryString, decodeQueryString, getHostname, getOrigin, getQueryParam, getQueryParams, getPathname, getSearch, hasUnsafeProtocol, removeProtocol, trimSearch, getProtocol }; |
{ | ||
"name": "@livechat/url-utils", | ||
"version": "0.1.3", | ||
"version": "0.1.4", | ||
"description": "URL utility functions", | ||
@@ -10,9 +10,16 @@ "contributors": [ | ||
"license": "MIT", | ||
"source": "./src/index.ts", | ||
"main": "./dist/url-utils.cjs.js", | ||
"module": "./dist/url-utils.esm.js", | ||
"types": "./types", | ||
"files": ["dist", "types"], | ||
"keywords": ["url", "utils"], | ||
"files": [ | ||
"dist", | ||
"types/**/*.d.ts" | ||
], | ||
"keywords": [ | ||
"url", | ||
"utils" | ||
], | ||
"dependencies": { | ||
"@livechat/data-utils": "^0.2.7" | ||
"@livechat/data-utils": "^0.2.8" | ||
}, | ||
@@ -25,5 +32,4 @@ "devDependencies": { | ||
"@babel/preset-typescript": "^7.3.3", | ||
"babel-core": "^7.0.0-bridge.0", | ||
"babel-jest": "^23.4.2", | ||
"jest": "^23.6.0", | ||
"babel-jest": "^24.9.0", | ||
"jest": "24.9.0", | ||
"lerna-alias": "3.0.3-0", | ||
@@ -34,6 +40,6 @@ "rimraf": "^2.6.1", | ||
"rollup-plugin-node-resolve": "^3.0.0", | ||
"typescript": "^3.4.1" | ||
"typescript": "^3.6.4" | ||
}, | ||
"scripts": { | ||
"prebuild": "rimraf dist types", | ||
"prebuild": "rimraf dist", | ||
"build": "rollup -c && tsc", | ||
@@ -40,0 +46,0 @@ "test": "jest", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
10107
13
17
196
0
Updated@livechat/data-utils@^0.2.8