daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

url: ~ is not actually an unwise char

pull/35604/head
isaacs 2013-04-12 16:27:42 -07:00
parent 17a379ec39
commit 881ef7cc5f
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/url.js
View File

@ -54,7 +54,7 @@ var protocolPattern = /^([a-z0-9.+-]+:)/i,
delims = ['<', '>', '"', '`', ' ', '\r', '\n', '\t'], delims = ['<', '>', '"', '`', ' ', '\r', '\n', '\t'],
// RFC 2396: characters not allowed for various reasons. // RFC 2396: characters not allowed for various reasons.
unwise = ['{', '}', '|', '\\', '^', '~', '`'].concat(delims), unwise = ['{', '}', '|', '\\', '^', '`'].concat(delims),
// Allowed by RFCs, but cause of XSS attacks. Always escape these. // Allowed by RFCs, but cause of XSS attacks. Always escape these.
autoEscape = ['\''].concat(unwise), autoEscape = ['\''].concat(unwise),

6
test/simple/test-url.js
View File

@ -747,9 +747,9 @@ var parseTests = {
host: 'x:1', host: 'x:1',
port: '1', port: '1',
hostname: 'x', hostname: 'x',
pathname: '/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E%7E%60/', pathname: '/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E~%60/',
path: '/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E%7E%60/', path: '/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E~%60/',
href: 'http://x:1/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E%7E%60/' href: 'http://x:1/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E~%60/'
}, },
}; };