ajv-formats
Advanced tools
Comparing version 1.4.0 to 1.4.1
const { toASCII } = require('punycode'); | ||
const { parse } = require('uri-js'); | ||
const { tldExists } = require('tldjs'); | ||
const hostnameRegex = /^(?=.{1,253}\.?$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[-0-9a-z]{0,61}[0-9a-z])?)*\.?$/i; | ||
module.exports = value => { | ||
const domain = toASCII(value); | ||
return tldExists(domain) && !domain.includes(':'); | ||
const hostname = toASCII(value); | ||
return ( | ||
hostname.replace(/\.$/, '').length <= 253 && | ||
hostnameRegex.test(hostname) | ||
); | ||
}; |
@@ -159,2 +159,3 @@ const assert = require('assert'); | ||
assert.ok(validate('google.com')); | ||
assert.ok(validate('123.example.com.')); | ||
@@ -165,2 +166,15 @@ // example from https://en.wikipedia.org/wiki/Internationalized_domain_name#Example_of_IDNA_encoding | ||
// https://tools.ietf.org/html/rfc5890#section-2.3.2.3 | ||
// -- An "internationalized domain name" (IDN) is a domain name that contains | ||
// at least ONE A-label or U-label | ||
assert.ok(validate('localhost')); | ||
// from AJV test suite | ||
// valid hostname - maximum length hostname (255 octets) with trailing dot | ||
assert.ok(validate('abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxy.example.com.')); | ||
// valid hostname - maximum length hostname (255 octets) | ||
assert.ok(validate("abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxy.example.com")); | ||
// valid hostname - maximum length label (63 chars) | ||
assert.ok(validate('abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk.example.com')); | ||
// example from https://unicode.org/faq/idn.html#11 | ||
@@ -181,5 +195,11 @@ assert.ok(validate('öbb.at')); | ||
// bad tld | ||
assert.ok(!validate('example.unknown')); | ||
assert.ok(!validate('localhost')); | ||
// from ajv test suite | ||
// invalid hostname - label too long (64 chars) | ||
assert.ok(!validate('abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijkl.example.com')); | ||
// invalid hostname - hostname too long (256 octets) | ||
assert.ok(!validate('abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.example.com')); | ||
// invalid hostname - hostname too long (256 octets) | ||
assert.ok(!validate('abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.abcdefghijklmnopqrstuvwxyz.example.com.')); | ||
// a URL, not a hostname | ||
@@ -186,0 +206,0 @@ assert.ok(!validate('http://google.com')); |
{ | ||
"name": "ajv-formats", | ||
"version": "1.4.0", | ||
"version": "1.4.1", | ||
"description": "Plugin for AJV that adds support for some of draft2019 formats.", | ||
@@ -18,3 +18,2 @@ "main": "index.js", | ||
"schemes": "^1.1.1", | ||
"tldjs": "^2.3.1", | ||
"uri-js": "^4.2.2" | ||
@@ -21,0 +20,0 @@ }, |
@@ -9,11 +9,2 @@ # ajv-formats | ||
An open question is how thoroughly to validate things like hostnames and IRIs | ||
where the syntax and semantics diverge. Writing a regex for hostnames checks the | ||
syntax (ie. contains only certain characters, there are multiple segments | ||
separated by `.` and the lengths of all segments and the total length). That | ||
won't catch obviously fake domains like `unknown.unknown`. This library goes a | ||
step further than just checking the syntax and also attempts to check the | ||
semantics as well. For example, when validating `idn-hostname`, this library | ||
will also check for a valid TLD. | ||
## Installation | ||
@@ -124,3 +115,2 @@ | ||
The hostname is converted to ascii with punycode and checked for a valid tld. | ||
Note that `localhost` is technically not a valid hostname. | ||
@@ -127,0 +117,0 @@ ### duration |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
18535
5
350
118
- Removedtldjs@^2.3.1
- Removedpunycode@1.4.1(transitive)
- Removedtldjs@2.3.1(transitive)