1045 lines
29 KiB
JavaScript
1045 lines
29 KiB
JavaScript
import * as querystring from "node:querystring";
|
|
import * as punnycode from "./punycode.mjs";
|
|
import { encodeStr, hexTable } from "./internal/querystring/querystring.mjs";
|
|
import { spliceOne } from "./internal/url/util.mjs";
|
|
import { ERR_INVALID_ARG_TYPE, ERR_INVALID_URL } from "./internal/url/errors.mjs";
|
|
import { pathToFileURL as _pathToFileURL, fileURLToPath, unsafeProtocol, hostlessProtocol, slashedProtocol, urlToHttpOptions } from "./internal/url/url.mjs";
|
|
import { CHAR_SPACE, CHAR_TAB, CHAR_CARRIAGE_RETURN, CHAR_LINE_FEED, CHAR_NO_BREAK_SPACE, CHAR_ZERO_WIDTH_NOBREAK_SPACE, CHAR_HASH, CHAR_FORWARD_SLASH, CHAR_LEFT_SQUARE_BRACKET, CHAR_RIGHT_SQUARE_BRACKET, CHAR_LEFT_ANGLE_BRACKET, CHAR_RIGHT_ANGLE_BRACKET, CHAR_LEFT_CURLY_BRACKET, CHAR_RIGHT_CURLY_BRACKET, CHAR_QUESTION_MARK, CHAR_DOUBLE_QUOTE, CHAR_SINGLE_QUOTE, CHAR_PERCENT, CHAR_SEMICOLON, CHAR_BACKWARD_SLASH, CHAR_CIRCUMFLEX_ACCENT, CHAR_GRAVE_ACCENT, CHAR_VERTICAL_LINE, CHAR_AT, CHAR_COLON } from "./internal/url/constants.mjs";
|
|
class Url {
|
|
auth = null;
|
|
hash = null;
|
|
host = null;
|
|
hostname = null;
|
|
href = null;
|
|
path = null;
|
|
pathname = null;
|
|
protocol = null;
|
|
search = null;
|
|
slashes = null;
|
|
port = null;
|
|
query = null;
|
|
parse(url, parseQueryString, slashesDenoteHost) {
|
|
// validateString(url, "url");
|
|
if (typeof url !== "string") {
|
|
throw new ERR_INVALID_ARG_TYPE("url", "string", url);
|
|
}
|
|
// Copy chrome, IE, opera backslash-handling behavior.
|
|
// Back slashes before the query string get converted to forward slashes
|
|
// See: https://code.google.com/p/chromium/issues/detail?id=25916
|
|
let hasHash = false;
|
|
let hasAt = false;
|
|
let start = -1;
|
|
let end = -1;
|
|
let rest = "";
|
|
let lastPos = 0;
|
|
for (let i = 0, inWs = false, split = false; i < url.length; ++i) {
|
|
const code = url.charCodeAt(i);
|
|
// Find first and last non-whitespace characters for trimming
|
|
const isWs = code < 33 || code === CHAR_NO_BREAK_SPACE || code === CHAR_ZERO_WIDTH_NOBREAK_SPACE;
|
|
if (start === -1) {
|
|
if (isWs) continue;
|
|
lastPos = start = i;
|
|
} else if (inWs) {
|
|
if (!isWs) {
|
|
end = -1;
|
|
inWs = false;
|
|
}
|
|
} else if (isWs) {
|
|
end = i;
|
|
inWs = true;
|
|
}
|
|
// Only convert backslashes while we haven't seen a split character
|
|
if (!split) {
|
|
switch (code) {
|
|
case CHAR_AT:
|
|
hasAt = true;
|
|
break;
|
|
case CHAR_HASH: hasHash = true;
|
|
case CHAR_QUESTION_MARK:
|
|
split = true;
|
|
break;
|
|
case CHAR_BACKWARD_SLASH:
|
|
if (i - lastPos > 0) rest += url.slice(lastPos, i);
|
|
rest += "/";
|
|
lastPos = i + 1;
|
|
break;
|
|
}
|
|
} else if (!hasHash && code === CHAR_HASH) {
|
|
hasHash = true;
|
|
}
|
|
}
|
|
// Check if string was non-empty (including strings with only whitespace)
|
|
if (start !== -1) {
|
|
if (lastPos === start) {
|
|
// We didn't convert any backslashes
|
|
if (end === -1) {
|
|
if (start === 0) rest = url;
|
|
else rest = url.slice(start);
|
|
} else {
|
|
rest = url.slice(start, end);
|
|
}
|
|
} else if (end === -1 && lastPos < url.length) {
|
|
// We converted some backslashes and have only part of the entire string
|
|
rest += url.slice(lastPos);
|
|
} else if (end !== -1 && lastPos < end) {
|
|
// We converted some backslashes and have only part of the entire string
|
|
rest += url.slice(lastPos, end);
|
|
}
|
|
}
|
|
if (!slashesDenoteHost && !hasHash && !hasAt) {
|
|
// Try fast path regexp
|
|
const simplePath = simplePathPattern.exec(rest);
|
|
if (simplePath) {
|
|
this.path = rest;
|
|
this.href = rest;
|
|
this.pathname = simplePath[1];
|
|
if (simplePath[2]) {
|
|
this.search = simplePath[2];
|
|
if (parseQueryString) {
|
|
this.query = querystring.parse(this.search.slice(1));
|
|
} else {
|
|
this.query = this.search.slice(1);
|
|
}
|
|
} else if (parseQueryString) {
|
|
this.search = null;
|
|
// @ts-expect-error
|
|
this.query = { __proto__: null };
|
|
}
|
|
return this;
|
|
}
|
|
}
|
|
const protoMatch = protocolPattern.exec(rest);
|
|
let proto, lowerProto;
|
|
if (protoMatch) {
|
|
proto = protoMatch[0];
|
|
lowerProto = proto.toLowerCase();
|
|
this.protocol = lowerProto;
|
|
rest = rest.slice(proto.length);
|
|
}
|
|
// Figure out if it's got a host
|
|
// user@server is *always* interpreted as a hostname, and url
|
|
// resolution will treat //foo/bar as host=foo,path=bar because that's
|
|
// how the browser resolves relative URLs.
|
|
let slashes;
|
|
if (slashesDenoteHost || proto || hostPattern.test(rest)) {
|
|
slashes = rest.charCodeAt(0) === CHAR_FORWARD_SLASH && rest.charCodeAt(1) === CHAR_FORWARD_SLASH;
|
|
if (slashes && !(proto && hostlessProtocol.has(lowerProto))) {
|
|
rest = rest.slice(2);
|
|
this.slashes = true;
|
|
}
|
|
}
|
|
if (!hostlessProtocol.has(lowerProto) && (slashes || proto && !slashedProtocol.has(proto))) {
|
|
// there's a hostname.
|
|
// the first instance of /, ?, ;, or # ends the host.
|
|
//
|
|
// If there is an @ in the hostname, then non-host chars *are* allowed
|
|
// to the left of the last @ sign, unless some host-ending character
|
|
// comes *before* the @-sign.
|
|
// URLs are obnoxious.
|
|
//
|
|
// ex:
|
|
// http://a@b@c/ => user:a@b host:c
|
|
// http://a@b?@c => user:a host:b path:/?@c
|
|
let hostEnd = -1;
|
|
let atSign = -1;
|
|
let nonHost = -1;
|
|
for (let i = 0; i < rest.length; ++i) {
|
|
switch (rest.charCodeAt(i)) {
|
|
case CHAR_TAB:
|
|
case CHAR_LINE_FEED:
|
|
case CHAR_CARRIAGE_RETURN:
|
|
// WHATWG URL removes tabs, newlines, and carriage returns. Let's do that too.
|
|
rest = rest.slice(0, i) + rest.slice(i + 1);
|
|
i -= 1;
|
|
break;
|
|
case CHAR_SPACE:
|
|
case CHAR_DOUBLE_QUOTE:
|
|
case CHAR_PERCENT:
|
|
case CHAR_SINGLE_QUOTE:
|
|
case CHAR_SEMICOLON:
|
|
case CHAR_LEFT_ANGLE_BRACKET:
|
|
case CHAR_RIGHT_ANGLE_BRACKET:
|
|
case CHAR_BACKWARD_SLASH:
|
|
case CHAR_CIRCUMFLEX_ACCENT:
|
|
case CHAR_GRAVE_ACCENT:
|
|
case CHAR_LEFT_CURLY_BRACKET:
|
|
case CHAR_VERTICAL_LINE:
|
|
case CHAR_RIGHT_CURLY_BRACKET:
|
|
// Characters that are never ever allowed in a hostname from RFC 2396
|
|
if (nonHost === -1) nonHost = i;
|
|
break;
|
|
case CHAR_HASH:
|
|
case CHAR_FORWARD_SLASH:
|
|
case CHAR_QUESTION_MARK:
|
|
// Find the first instance of any host-ending characters
|
|
if (nonHost === -1) nonHost = i;
|
|
hostEnd = i;
|
|
break;
|
|
case CHAR_AT:
|
|
// At this point, either we have an explicit point where the
|
|
// auth portion cannot go past, or the last @ char is the decider.
|
|
atSign = i;
|
|
nonHost = -1;
|
|
break;
|
|
}
|
|
if (hostEnd !== -1) break;
|
|
}
|
|
start = 0;
|
|
if (atSign !== -1) {
|
|
this.auth = decodeURIComponent(rest.slice(0, atSign));
|
|
start = atSign + 1;
|
|
}
|
|
if (nonHost === -1) {
|
|
this.host = rest.slice(start);
|
|
rest = "";
|
|
} else {
|
|
this.host = rest.slice(start, nonHost);
|
|
rest = rest.slice(nonHost);
|
|
}
|
|
// pull out port.
|
|
this.parseHost();
|
|
// We've indicated that there is a hostname,
|
|
// so even if it's empty, it has to be present.
|
|
if (typeof this.hostname !== "string") this.hostname = "";
|
|
const hostname = this.hostname;
|
|
// If hostname begins with [ and ends with ]
|
|
// assume that it's an IPv6 address.
|
|
const ipv6Hostname = isIpv6Hostname(hostname);
|
|
// validate a little.
|
|
if (!ipv6Hostname) {
|
|
rest = getHostname(this, rest, hostname, url);
|
|
}
|
|
if (this.hostname.length > hostnameMaxLen) {
|
|
this.hostname = "";
|
|
} else {
|
|
// Hostnames are always lower case.
|
|
this.hostname = this.hostname.toLowerCase();
|
|
}
|
|
if (this.hostname !== "") {
|
|
if (ipv6Hostname) {
|
|
if (forbiddenHostCharsIpv6.test(this.hostname)) {
|
|
throw new ERR_INVALID_URL(url);
|
|
}
|
|
} else {
|
|
// IDNA Support: Returns a punycoded representation of "domain".
|
|
// It only converts parts of the domain name that
|
|
// have non-ASCII characters, i.e. it doesn't matter if
|
|
// you call it with a domain that already is ASCII-only.
|
|
this.hostname = punnycode.toASCII(this.hostname);
|
|
// Prevent two potential routes of hostname spoofing.
|
|
// 1. If this.hostname is empty, it must have become empty due to toASCII
|
|
// since we checked this.hostname above.
|
|
// 2. If any of forbiddenHostChars appears in this.hostname, it must have
|
|
// also gotten in due to toASCII. This is since getHostname would have
|
|
// filtered them out otherwise.
|
|
// Rather than trying to correct this by moving the non-host part into
|
|
// the pathname as we've done in getHostname, throw an exception to
|
|
// convey the severity of this issue.
|
|
if (this.hostname === "" || forbiddenHostChars.test(this.hostname)) {
|
|
throw new ERR_INVALID_URL(url);
|
|
}
|
|
}
|
|
}
|
|
const p = this.port ? ":" + this.port : "";
|
|
const h = this.hostname || "";
|
|
this.host = h + p;
|
|
// strip [ and ] from the hostname
|
|
// the host field still retains them, though
|
|
if (ipv6Hostname) {
|
|
this.hostname = this.hostname.slice(1, -1);
|
|
if (rest[0] !== "/") {
|
|
rest = "/" + rest;
|
|
}
|
|
}
|
|
}
|
|
// Now rest is set to the post-host stuff.
|
|
// Chop off any delim chars.
|
|
if (!unsafeProtocol.has(lowerProto)) {
|
|
// First, make 100% sure that any "autoEscape" chars get
|
|
// escaped, even if encodeURIComponent doesn't think they
|
|
// need to be.
|
|
rest = autoEscapeStr(rest);
|
|
}
|
|
let questionIdx = -1;
|
|
let hashIdx = -1;
|
|
for (let i = 0; i < rest.length; ++i) {
|
|
const code = rest.charCodeAt(i);
|
|
if (code === CHAR_HASH) {
|
|
this.hash = rest.slice(i);
|
|
hashIdx = i;
|
|
break;
|
|
} else if (code === CHAR_QUESTION_MARK && questionIdx === -1) {
|
|
questionIdx = i;
|
|
}
|
|
}
|
|
if (questionIdx !== -1) {
|
|
if (hashIdx === -1) {
|
|
this.search = rest.slice(questionIdx);
|
|
this.query = rest.slice(questionIdx + 1);
|
|
} else {
|
|
this.search = rest.slice(questionIdx, hashIdx);
|
|
this.query = rest.slice(questionIdx + 1, hashIdx);
|
|
}
|
|
if (parseQueryString) {
|
|
this.query = querystring.parse(this.query);
|
|
}
|
|
} else if (parseQueryString) {
|
|
// No query string, but parseQueryString still requested
|
|
this.search = null;
|
|
// @ts-expect-error
|
|
this.query = { __proto__: null };
|
|
}
|
|
const useQuestionIdx = questionIdx !== -1 && (hashIdx === -1 || questionIdx < hashIdx);
|
|
const firstIdx = useQuestionIdx ? questionIdx : hashIdx;
|
|
if (firstIdx === -1) {
|
|
if (rest.length > 0) this.pathname = rest;
|
|
} else if (firstIdx > 0) {
|
|
this.pathname = rest.slice(0, firstIdx);
|
|
}
|
|
if (slashedProtocol.has(lowerProto) && this.hostname && !this.pathname) {
|
|
this.pathname = "/";
|
|
}
|
|
// To support http.request
|
|
if (this.pathname || this.search) {
|
|
const p = this.pathname || "";
|
|
const s = this.search || "";
|
|
this.path = p + s;
|
|
}
|
|
// Finally, reconstruct the href based on what has been validated.
|
|
this.href = this.format();
|
|
return this;
|
|
}
|
|
format() {
|
|
let auth = this.auth || "";
|
|
if (auth) {
|
|
auth = encodeStr(auth, noEscapeAuth, hexTable);
|
|
auth += "@";
|
|
}
|
|
let protocol = this.protocol || "";
|
|
let pathname = this.pathname || "";
|
|
let hash = this.hash || "";
|
|
let host = "";
|
|
let query = "";
|
|
if (this.host) {
|
|
host = auth + this.host;
|
|
} else if (this.hostname) {
|
|
host = auth + (this.hostname.includes(":") && !isIpv6Hostname(this.hostname) ? "[" + this.hostname + "]" : this.hostname);
|
|
if (this.port) {
|
|
host += ":" + this.port;
|
|
}
|
|
}
|
|
if (this.query !== null && typeof this.query === "object") {
|
|
query = querystring.stringify(this.query);
|
|
}
|
|
let search = this.search || query && "?" + query || "";
|
|
if (protocol && protocol.charCodeAt(protocol.length - 1) !== 58) protocol += ":";
|
|
let newPathname = "";
|
|
let lastPos = 0;
|
|
for (let i = 0; i < pathname.length; ++i) {
|
|
switch (pathname.charCodeAt(i)) {
|
|
case CHAR_HASH:
|
|
if (i - lastPos > 0) newPathname += pathname.slice(lastPos, i);
|
|
newPathname += "%23";
|
|
lastPos = i + 1;
|
|
break;
|
|
case CHAR_QUESTION_MARK:
|
|
if (i - lastPos > 0) newPathname += pathname.slice(lastPos, i);
|
|
newPathname += "%3F";
|
|
lastPos = i + 1;
|
|
break;
|
|
}
|
|
}
|
|
if (lastPos > 0) {
|
|
if (lastPos === pathname.length) {
|
|
pathname = newPathname;
|
|
} else {
|
|
pathname = newPathname + pathname.slice(lastPos);
|
|
}
|
|
}
|
|
// Only the slashedProtocols get the //. Not mailto:, xmpp:, etc.
|
|
// unless they had them to begin with.
|
|
if (this.slashes || slashedProtocol.has(protocol)) {
|
|
if (this.slashes || host) {
|
|
if (pathname && pathname.charCodeAt(0) !== CHAR_FORWARD_SLASH) pathname = "/" + pathname;
|
|
host = "//" + host;
|
|
} else if (protocol.length >= 4 && protocol.charCodeAt(0) === 102 && protocol.charCodeAt(1) === 105 && protocol.charCodeAt(2) === 108 && protocol.charCodeAt(3) === 101) {
|
|
host = "//";
|
|
}
|
|
}
|
|
search = search.replace(/#/g, "%23");
|
|
if (hash && hash.charCodeAt(0) !== CHAR_HASH) hash = "#" + hash;
|
|
if (search && search.charCodeAt(0) !== CHAR_QUESTION_MARK) search = "?" + search;
|
|
return protocol + host + pathname + search + hash;
|
|
}
|
|
resolve(relative) {
|
|
return this.resolveObject(urlParse(relative, false, true)).format();
|
|
}
|
|
resolveObject(relative) {
|
|
if (typeof relative === "string") {
|
|
const rel = new Url();
|
|
rel.parse(relative, false, true);
|
|
relative = rel;
|
|
}
|
|
const result = new Url();
|
|
Object.assign(result, this);
|
|
// Hash is always overridden, no matter what.
|
|
// even href="" will remove it.
|
|
result.hash = relative.hash;
|
|
// If the relative url is empty, then there's nothing left to do here.
|
|
if (relative.href === "") {
|
|
result.href = result.format();
|
|
return result;
|
|
}
|
|
// Hrefs like //foo/bar always cut to the protocol.
|
|
if (relative.slashes && !relative.protocol) {
|
|
// Take everything except the protocol from relative
|
|
// eslint-disable-next-line unicorn/no-array-reduce
|
|
const relativeWithoutProtocol = Object.keys(relative).reduce((acc, key) => {
|
|
if (key !== "protocol") {
|
|
acc[key] = relative[key];
|
|
}
|
|
return acc;
|
|
}, {});
|
|
Object.assign(result, relativeWithoutProtocol);
|
|
// urlParse appends trailing / to urls like http://www.example.com
|
|
if (slashedProtocol.has(result.protocol) && result.hostname && !result.pathname) {
|
|
result.path = result.pathname = "/";
|
|
}
|
|
result.href = result.format();
|
|
return result;
|
|
}
|
|
if (relative.protocol && relative.protocol !== result.protocol) {
|
|
// If it's a known url protocol, then changing
|
|
// the protocol does weird things
|
|
// first, if it's not file:, then we MUST have a host,
|
|
// and if there was a path
|
|
// to begin with, then we MUST have a path.
|
|
// if it is file:, then the host is dropped,
|
|
// because that's known to be hostless.
|
|
// anything else is assumed to be absolute.
|
|
if (!slashedProtocol.has(relative.protocol)) {
|
|
Object.assign(result, relative);
|
|
result.href = result.format();
|
|
return result;
|
|
}
|
|
result.protocol = relative.protocol;
|
|
if (!relative.host && !/^file:?$/.test(relative.protocol) && !hostlessProtocol.has(relative.protocol)) {
|
|
const relPath = (relative.pathname || "").split("/");
|
|
while (relPath.length > 0 && !(relative.host = relPath.shift()));
|
|
if (!relative.host) relative.host = "";
|
|
if (!relative.hostname) relative.hostname = "";
|
|
if (relPath[0] !== "") relPath.unshift("");
|
|
if (relPath.length < 2) relPath.unshift("");
|
|
result.pathname = relPath.join("/");
|
|
} else {
|
|
result.pathname = relative.pathname;
|
|
}
|
|
result.search = relative.search;
|
|
result.query = relative.query;
|
|
result.host = relative.host || "";
|
|
result.auth = relative.auth;
|
|
result.hostname = relative.hostname || relative.host;
|
|
result.port = relative.port;
|
|
// To support http.request
|
|
if (result.pathname || result.search) {
|
|
const p = result.pathname || "";
|
|
const s = result.search || "";
|
|
result.path = p + s;
|
|
}
|
|
result.slashes = result.slashes || relative.slashes;
|
|
result.href = result.format();
|
|
return result;
|
|
}
|
|
const isSourceAbs = result.pathname && result.pathname.charAt(0) === "/";
|
|
const isRelAbs = relative.host || relative.pathname && relative.pathname.charAt(0) === "/";
|
|
let mustEndAbs = isRelAbs || isSourceAbs || result.host && relative.pathname;
|
|
const removeAllDots = mustEndAbs;
|
|
let srcPath = result.pathname && result.pathname.split("/") || [];
|
|
const relPath = relative.pathname && relative.pathname.split("/") || [];
|
|
const noLeadingSlashes = result.protocol && !slashedProtocol.has(result.protocol);
|
|
// If the url is a non-slashed url, then relative
|
|
// links like ../.. should be able
|
|
// to crawl up to the hostname, as well. This is strange.
|
|
// result.protocol has already been set by now.
|
|
// Later on, put the first path part into the host field.
|
|
if (noLeadingSlashes) {
|
|
result.hostname = "";
|
|
result.port = null;
|
|
if (result.host) {
|
|
if (srcPath[0] === "") srcPath[0] = result.host;
|
|
else srcPath.unshift(result.host);
|
|
}
|
|
result.host = "";
|
|
if (relative.protocol) {
|
|
relative.hostname = null;
|
|
relative.port = null;
|
|
result.auth = null;
|
|
if (relative.host) {
|
|
if (relPath[0] === "") relPath[0] = relative.host;
|
|
else relPath.unshift(relative.host);
|
|
}
|
|
relative.host = null;
|
|
}
|
|
mustEndAbs = mustEndAbs && (relPath[0] === "" || srcPath[0] === "");
|
|
}
|
|
if (isRelAbs) {
|
|
// it's absolute.
|
|
if (relative.host || relative.host === "") {
|
|
if (result.host !== relative.host) result.auth = null;
|
|
result.host = relative.host;
|
|
result.port = relative.port;
|
|
}
|
|
if (relative.hostname || relative.hostname === "") {
|
|
if (result.hostname !== relative.hostname) result.auth = null;
|
|
result.hostname = relative.hostname;
|
|
}
|
|
result.search = relative.search;
|
|
result.query = relative.query;
|
|
srcPath = relPath;
|
|
} else if (relPath.length > 0) {
|
|
// it's relative
|
|
// throw away the existing file, and take the new path instead.
|
|
if (!srcPath) srcPath = [];
|
|
srcPath.pop();
|
|
// eslint-disable-next-line unicorn/prefer-spread
|
|
srcPath = srcPath.concat(relPath);
|
|
result.search = relative.search;
|
|
result.query = relative.query;
|
|
} else if (relative.search !== null && relative.search !== undefined) {
|
|
// Just pull out the search.
|
|
// like href='?foo'.
|
|
// Put this after the other two cases because it simplifies the booleans
|
|
if (noLeadingSlashes) {
|
|
result.hostname = result.host = srcPath.shift();
|
|
// Occasionally the auth can get stuck only in host.
|
|
// This especially happens in cases like
|
|
// url.resolveObject('mailto:local1@domain1', 'local2@domain2')
|
|
const authInHost = result.host && result.host.indexOf("@") > 0 && result.host.split("@");
|
|
if (authInHost) {
|
|
result.auth = authInHost.shift();
|
|
result.host = result.hostname = authInHost.shift();
|
|
}
|
|
}
|
|
result.search = relative.search;
|
|
result.query = relative.query;
|
|
// To support http.request
|
|
if (result.pathname !== null || result.search !== null) {
|
|
result.path = (result.pathname ? result.pathname : "") + (result.search ? result.search : "");
|
|
}
|
|
result.href = result.format();
|
|
return result;
|
|
}
|
|
if (srcPath.length === 0) {
|
|
// No path at all. All other things were already handled above.
|
|
result.pathname = null;
|
|
// To support http.request
|
|
if (result.search) {
|
|
result.path = "/" + result.search;
|
|
} else {
|
|
result.path = null;
|
|
}
|
|
result.href = result.format();
|
|
return result;
|
|
}
|
|
// If a url ENDs in . or .., then it must get a trailing slash.
|
|
// however, if it ends in anything else non-slashy,
|
|
// then it must NOT get a trailing slash.
|
|
let last = srcPath.at(-1);
|
|
const hasTrailingSlash = (result.host || relative.host || srcPath.length > 1) && (last === "." || last === "..") || last === "";
|
|
// Strip single dots, resolve double dots to parent dir
|
|
// if the path tries to go above the root, `up` ends up > 0
|
|
let up = 0;
|
|
for (let i = srcPath.length - 1; i >= 0; i--) {
|
|
last = srcPath[i];
|
|
if (last === ".") {
|
|
spliceOne(srcPath, i);
|
|
} else if (last === "..") {
|
|
spliceOne(srcPath, i);
|
|
up++;
|
|
} else if (up) {
|
|
spliceOne(srcPath, i);
|
|
up--;
|
|
}
|
|
}
|
|
// If the path is allowed to go above the root, restore leading ..s
|
|
if (!mustEndAbs && !removeAllDots) {
|
|
while (up--) {
|
|
srcPath.unshift("..");
|
|
}
|
|
}
|
|
if (mustEndAbs && srcPath[0] !== "" && (!srcPath[0] || srcPath[0].charAt(0) !== "/")) {
|
|
srcPath.unshift("");
|
|
}
|
|
if (hasTrailingSlash && srcPath.join("/").slice(-1) !== "/") {
|
|
srcPath.push("");
|
|
}
|
|
const isAbsolute = srcPath[0] === "" || srcPath[0] && srcPath[0].charAt(0) === "/";
|
|
// put the host back
|
|
if (noLeadingSlashes) {
|
|
result.hostname = result.host = isAbsolute ? "" : srcPath.length > 0 ? srcPath.shift() : "";
|
|
// Occasionally the auth can get stuck only in host.
|
|
// This especially happens in cases like
|
|
// url.resolveObject('mailto:local1@domain1', 'local2@domain2')
|
|
const authInHost = result.host && result.host.indexOf("@") > 0 ? result.host.split("@") : false;
|
|
if (authInHost) {
|
|
result.auth = authInHost.shift();
|
|
result.host = result.hostname = authInHost.shift();
|
|
}
|
|
}
|
|
// eslint-disable-next-line unicorn/explicit-length-check
|
|
mustEndAbs = mustEndAbs || result.host && srcPath.length;
|
|
if (mustEndAbs && !isAbsolute) {
|
|
srcPath.unshift("");
|
|
}
|
|
if (srcPath.length === 0) {
|
|
result.pathname = null;
|
|
result.path = null;
|
|
} else {
|
|
result.pathname = srcPath.join("/");
|
|
}
|
|
// To support request.http
|
|
if (result.pathname !== null || result.search !== null) {
|
|
result.path = (result.pathname ? result.pathname : "") + (result.search ? result.search : "");
|
|
}
|
|
result.auth = relative.auth || result.auth;
|
|
result.slashes = result.slashes || relative.slashes;
|
|
result.href = result.format();
|
|
return result;
|
|
}
|
|
parseHost() {
|
|
let host = this.host;
|
|
const portMatch = portPattern.exec(host);
|
|
if (portMatch) {
|
|
const port = portMatch[0];
|
|
if (port !== ":") {
|
|
this.port = port.slice(1);
|
|
}
|
|
host = host.slice(0, host.length - port.length);
|
|
}
|
|
if (host) this.hostname = host;
|
|
}
|
|
}
|
|
// define these here so at least they only have to be
|
|
// compiled once on the first module load.
|
|
const protocolPattern = /^[\d+.a-z-]+:/i;
|
|
const portPattern = /:\d*$/;
|
|
const hostPattern = /^\/\/[^/@]+@[^/@]+/;
|
|
// Special case for a simple path URL
|
|
const simplePathPattern = /^(\/\/?(?!\/)[^\s?]*)(\?\S*)?$/;
|
|
// This prevents some common spoofing bugs due to our use of IDNA toASCII. For
|
|
// compatibility, the set of characters we use here is the *intersection* of
|
|
// "forbidden host code point" in the WHATWG URL Standard [1] and the
|
|
// characters in the host parsing loop in Url.prototype.parse, with the
|
|
// following additions:
|
|
//
|
|
// - ':' since this could cause a "protocol spoofing" bug
|
|
// - '@' since this could cause parts of the hostname to be confused with auth
|
|
// - '[' and ']' since this could cause a non-IPv6 hostname to be interpreted
|
|
// as IPv6 by isIpv6Hostname above
|
|
//
|
|
// [1]: https://url.spec.whatwg.org/#forbidden-host-code-point
|
|
const forbiddenHostChars = /[\0\t\n\r #%/:<>?@[\\\]^|]/;
|
|
// For IPv6, permit '[', ']', and ':'.
|
|
const forbiddenHostCharsIpv6 = /[\0\t\n\r #%/<>?@\\^|]/;
|
|
// These characters do not need escaping:
|
|
// ! - . _ ~
|
|
// ' ( ) * :
|
|
// digits
|
|
// alpha (uppercase)
|
|
// alpha (lowercase)
|
|
// prettier-ignore
|
|
const noEscapeAuth = new Int8Array([
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
1,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
0,
|
|
0,
|
|
1,
|
|
1,
|
|
0,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
1,
|
|
0,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
1,
|
|
0,
|
|
0,
|
|
0,
|
|
1,
|
|
0
|
|
]);
|
|
// Escaped characters. Use empty strings to fill up unused entries.
|
|
// Using Array is faster than Object/Map
|
|
// prettier-ignore
|
|
const escapedCodes = [
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"%09",
|
|
"%0A",
|
|
"",
|
|
"",
|
|
"%0D",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"%20",
|
|
"",
|
|
"%22",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"%27",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"%3C",
|
|
"",
|
|
"%3E",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"%5C",
|
|
"",
|
|
"%5E",
|
|
"",
|
|
"%60",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"",
|
|
"%7B",
|
|
"%7C",
|
|
"%7D"
|
|
];
|
|
const hostnameMaxLen = 255;
|
|
let urlParseWarned = false;
|
|
function urlParse(url, parseQueryString, slashesDenoteHost) {
|
|
if (!urlParseWarned) {
|
|
urlParseWarned = true;
|
|
console.warn("[DeprecationWarning] [unenv] [node:url] DEP0169: `url.parse()` behavior is not standardized and prone to " + "errors that have security implications. Use the WHATWG URL API " + "instead. CVEs are not issued for `url.parse()` vulnerabilities.");
|
|
}
|
|
if (url instanceof Url) return url;
|
|
const urlObject = new Url();
|
|
urlObject.parse(url, parseQueryString, slashesDenoteHost);
|
|
return urlObject;
|
|
}
|
|
function isIpv6Hostname(hostname) {
|
|
return String.prototype.charCodeAt.call(hostname, 0) === CHAR_LEFT_SQUARE_BRACKET && String.prototype.charCodeAt.call(hostname, hostname.length - 1) === CHAR_RIGHT_SQUARE_BRACKET;
|
|
}
|
|
let warnInvalidPort = true;
|
|
function getHostname(self, rest, hostname, url) {
|
|
for (let i = 0; i < hostname.length; ++i) {
|
|
const code = hostname.charCodeAt(i);
|
|
const isValid = code !== CHAR_FORWARD_SLASH && code !== CHAR_BACKWARD_SLASH && code !== CHAR_HASH && code !== CHAR_QUESTION_MARK && code !== CHAR_COLON;
|
|
if (!isValid) {
|
|
// If leftover starts with :, then it represents an invalid port.
|
|
// But url.parse() is lenient about it for now.
|
|
// Issue a warning and continue.
|
|
if (warnInvalidPort && code === CHAR_COLON) {
|
|
console.warn(`[DeprecationWarning] [unenv] [node:url] DEP0170: The URL ${url} is invalid. Future versions of Node.js will throw an error.`);
|
|
warnInvalidPort = false;
|
|
}
|
|
self.hostname = hostname.slice(0, i);
|
|
return `/${hostname.slice(i)}${rest}`;
|
|
}
|
|
}
|
|
return rest;
|
|
}
|
|
// Automatically escape all delimiters and unwise characters from RFC 2396.
|
|
// Also escape single quotes in case of an XSS attack.
|
|
// Return the escaped string.
|
|
function autoEscapeStr(rest) {
|
|
let escaped = "";
|
|
let lastEscapedPos = 0;
|
|
for (let i = 0; i < rest.length; ++i) {
|
|
// `escaped` contains substring up to the last escaped character.
|
|
const escapedChar = escapedCodes[rest.charCodeAt(i)];
|
|
if (escapedChar) {
|
|
// Concat if there are ordinary characters in the middle.
|
|
if (i > lastEscapedPos) escaped += rest.slice(lastEscapedPos, i);
|
|
escaped += escapedChar;
|
|
lastEscapedPos = i + 1;
|
|
}
|
|
}
|
|
if (lastEscapedPos === 0)
|
|
// Nothing has been escaped.
|
|
return rest;
|
|
// There are ordinary characters at the end.
|
|
if (lastEscapedPos < rest.length) escaped += rest.slice(lastEscapedPos);
|
|
return escaped;
|
|
}
|
|
// Format a parsed object into a url string
|
|
function urlFormat(urlObject, options) {
|
|
// Ensure it's an object, and not a string url.
|
|
// If it's an object, this is a no-op.
|
|
// this way, you can call urlParse() on strings
|
|
// to clean up potentially wonky urls.
|
|
if (typeof urlObject === "string") {
|
|
urlObject = urlParse(urlObject);
|
|
} else if (typeof urlObject !== "object" || urlObject === null) {
|
|
throw new ERR_INVALID_ARG_TYPE("urlObject", ["Object", "string"], urlObject);
|
|
} else if (urlObject instanceof URL) {
|
|
let fragment = true;
|
|
let unicode = false;
|
|
let search = true;
|
|
let auth = true;
|
|
if (options) {
|
|
// validateObject(options, "options");
|
|
if (options.fragment != null) {
|
|
fragment = Boolean(options.fragment);
|
|
}
|
|
if (options.unicode != null) {
|
|
unicode = Boolean(options.unicode);
|
|
}
|
|
if (options.search != null) {
|
|
search = Boolean(options.search);
|
|
}
|
|
if (options.auth != null) {
|
|
auth = Boolean(options.auth);
|
|
}
|
|
}
|
|
// TODO: CHECK ME! Alternative by unenv
|
|
// return bindingUrl.format(urlObject.href, fragment, unicode, search, auth);
|
|
const _url = new URL(urlObject.href);
|
|
if (!fragment) _url.hash = "";
|
|
if (!search) _url.search = "";
|
|
if (!auth) _url.username = _url.password = "";
|
|
if (unicode) {
|
|
return Url.prototype.format.call(_url);
|
|
}
|
|
return _url.href;
|
|
}
|
|
return Url.prototype.format.call(urlObject);
|
|
}
|
|
function urlResolve(source, relative) {
|
|
return urlParse(source, false, true).resolve(relative);
|
|
}
|
|
function urlResolveObject(source, relative) {
|
|
if (!source) return relative;
|
|
return urlParse(source, false, true).resolveObject(relative);
|
|
}
|
|
// When used internally, we are not obligated to associate TypeError with
|
|
// this function, so non-strings can be rejected by underlying implementation.
|
|
// Public API has to validate input and throw appropriate error.
|
|
function pathToFileURL(path, options) {
|
|
// validateString(path, "path");
|
|
return _pathToFileURL(path, options);
|
|
}
|
|
const URL = globalThis.URL;
|
|
const URLSearchParams = globalThis.URLSearchParams;
|
|
const domainToASCII = punnycode.toASCII;
|
|
const domainToUnicode = punnycode.toUnicode;
|
|
export { Url, urlParse as parse, urlResolve as resolve, urlResolveObject as resolveObject, urlFormat as format, URL, URLSearchParams, domainToASCII, domainToUnicode, pathToFileURL, fileURLToPath, urlToHttpOptions };
|
|
export default {
|
|
Url,
|
|
parse: urlParse,
|
|
resolve: urlResolve,
|
|
resolveObject: urlResolveObject,
|
|
format: urlFormat,
|
|
URL,
|
|
URLSearchParams,
|
|
domainToASCII,
|
|
domainToUnicode,
|
|
pathToFileURL,
|
|
fileURLToPath,
|
|
urlToHttpOptions
|
|
};
|