purify - npm Package Compare versions

Comparing version 3.0.0 to 3.1.0

lib/purify.js

@@ -25,12 +25,22 @@ (function (root, factory) {
         // Should return an email with the domain part in its punycoded form regardless of input
-        if (typeof rawValue === 'string' && oneValidation.emailIdn.test(rawValue)) {
-            var fragments = rawValue.toLowerCase().split('@'),
-                encodedDomain = fragments.length === 2 && punycode.toASCII(fragments[1]),
-                encodedEmail = encodedDomain && fragments[0] + '@' + encodedDomain;
+        var fragments,
+            encodedEmail,
+            encodedDomain;
 
+        try {
+            if (typeof rawValue === 'string' && oneValidation.emailIdn.test(rawValue)) {
+                fragments = rawValue.toLowerCase().split('@');
+                encodedDomain = fragments.length === 2 && punycode.toASCII(fragments[1]);
+                punycode.toUnicode(encodedDomain); // Makes sure invalid domains like foo.xn--no aren't allowed
+            }
+        } catch (e) {
+            encodedDomain = undefined;
+        } finally {
+            encodedEmail = encodedDomain && fragments[0] + '@' + encodedDomain;
             if (typeof encodedEmail === 'string' && oneValidation.email.test(encodedEmail)) {
                 return encodedEmail;
+            } else {
+                return defaultValue;
             }
         }
-        return defaultValue;
     };
@@ -40,13 +50,21 @@
         // Should return an email with the domain part in its non-punycoded form regardless of input
-        if (typeof rawValue === 'string' && oneValidation.emailIdn.test(rawValue)) {
-            var fragments = rawValue.toLowerCase().split('@'),
-                decodedDomain = fragments.length === 2 && punycode.toUnicode(fragments[1]),
-                decodedEmail = decodedDomain && fragments[0] + '@' + decodedDomain;
+        var fragments,
+            decodedDomain,
+            decodedEmail;
 
+        try {
+            if (typeof rawValue === 'string' && oneValidation.emailIdn.test(rawValue)) {
+                fragments = rawValue.toLowerCase().split('@');
+                decodedDomain = fragments.length === 2 && punycode.toUnicode(fragments[1]);
+            }
+        } catch (e) {
+            decodedDomain = undefined;
+        } finally {
+            decodedEmail = decodedDomain && fragments[0] + '@' + decodedDomain;
             if (typeof decodedEmail === 'string' && oneValidation.emailIdn.test(decodedEmail)) {
                 return decodedEmail;
+            } else {
+                return defaultValue;
             }
         }
-
-        return defaultValue;
     };
@@ -56,9 +74,17 @@
         // Should return a domain in its punycoded form regardless of input
-        if (typeof rawValue === 'string' && oneValidation.domainIdn.test(rawValue)) {
-            var encoded = punycode.toASCII(rawValue.toLowerCase());
-            if (typeof encoded === 'string' && oneValidation.domain.test(encoded)) {
-                return encoded;
+        var encodedDomain;
+        try {
+            if (typeof rawValue === 'string' && oneValidation.domainIdn.test(rawValue)) {
+                encodedDomain = punycode.toASCII(rawValue.toLowerCase());
+                punycode.toUnicode(encodedDomain); // Makes sure that things like foo.xn--no aren't allowed
             }
+        } catch (e) {
+            encodedDomain = undefined;
+        } finally {
+            if (typeof encodedDomain === 'string' && oneValidation.domain.test(encodedDomain)) {
+                return encodedDomain;
+            } else {
+                return defaultValue;
+            }
         }
-        return defaultValue;
     };
@@ -68,9 +94,16 @@
         // Should return a domain in its non-punycoded form regardless of input
-        if (typeof rawValue === 'string' && oneValidation.domainIdn.test(rawValue)) {
-            var decoded = punycode.toUnicode(rawValue.toLowerCase());
-            if (typeof decoded === 'string' && oneValidation.domainIdn.test(decoded)) {
-                return decoded;
+        var decodedDomain;
+        try {
+            if (typeof rawValue === 'string' && oneValidation.domainIdn.test(rawValue)) {
+                decodedDomain = punycode.toUnicode(rawValue.toLowerCase());
             }
+        } catch (e) {
+            decodedDomain = undefined;
+        } finally {
+            if (typeof decodedDomain === 'string' && oneValidation.domainIdn.test(decodedDomain)) {
+                return decodedDomain;
+            } else {
+                return defaultValue;
+            }
         }
-        return defaultValue;
     };
@@ -77,0 +110,0 @@

package.json

@@ -19,3 +19,3 @@ {
   },
-  "version": "3.0.0",
+  "version": "3.1.0",
   "engines": {
@@ -22,0 +22,0 @@ "node": ">=0.4.0"

test/purify.js

@@ -78,2 +78,3 @@ /*global it, describe*/
             expect('email', 'not to allow', '\x00andreas@centersurf.net');
+            expect('email', 'not to allow', 'foo@bar.xn--no');
             expect('email', 'not to allow', 'andræas@centersurf.quuxbar');
@@ -101,2 +102,3 @@ });
             expect('emailIdn', 'not to allow', '\x00andreas@cæntersurf.net');
+            expect('emailIdn', 'not to allow', 'foo@bar.xn--no');
             expect('emailIdn', 'not to allow', 'andræas@cæntersurf.quuxbar');
@@ -124,2 +126,3 @@ });
             expect('domain', 'not to allow', '\x00centersurf.net');
+            expect('domain', 'not to allow', 'bar.xn--no');
             expect('domain', 'not to allow', '/!');
@@ -147,2 +150,3 @@ });
             expect('domainIdn', 'not to allow', '\x00centersurf.net');
+            expect('domainIdn', 'not to allow', 'bar.xn--no');
             expect('domainIdn', 'not to allow', '/!');
@@ -149,0 +153,0 @@ });

No alert changes

Improved metrics

Total package byte prevSize

45753

increased by2.89%

Lines of code

781

increased by5.11%

No dependency changes