feat(isURL): add option to reject email-like URLs (#901)

validatorjs · Oct 11, 2018 · 8c4a74c · 8c4a74c
1 parent f065477
commit 8c4a74c
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -113,7 +113,7 @@ Validator                               | Description
 **isPort(str)**                         | check if the string is a valid port number.
 **isPostalCode(str, locale)**           | check if the string is a postal code,<br/><br/>(locale is one of `[ 'AD', 'AT', 'AU', 'BE', 'BG', 'CA', 'CH', 'CZ', 'DE', 'DK', 'DZ', 'EE', 'ES', 'FI', 'FR', 'GB', 'GR', 'HR', 'HU', 'IL', 'IN', 'IS', 'IT', 'JP', 'KE', 'LI', 'LT', 'LU', 'LV', 'MX', 'NL', 'NO', 'PL', 'PT', 'RO', 'RU', 'SA', 'SE', 'SI', 'TN', 'TW', 'US', 'ZA', 'ZM' ]` OR 'any'. If 'any' is used, function will check if any of the locals match. Locale list is `validator.isPostalCodeLocales`.).
 **isSurrogatePair(str)**                | check if the string contains any surrogate pairs chars.
-**isURL(str [, options])**              | check if the string is an URL.<br/><br/>`options` is an object which defaults to `{ protocols: ['http','https','ftp'], require_tld: true, require_protocol: false, require_host: true, require_valid_protocol: true, allow_underscores: false, host_whitelist: false, host_blacklist: false, allow_trailing_dot: false, allow_protocol_relative_urls: false }`.
+**isURL(str [, options])**              | check if the string is an URL.<br/><br/>`options` is an object which defaults to `{ protocols: ['http','https','ftp'], require_tld: true, require_protocol: false, require_host: true, require_valid_protocol: true, allow_underscores: false, host_whitelist: false, host_blacklist: false, allow_trailing_dot: false, allow_protocol_relative_urls: false, disallow_auth: false }`.
 **isUUID(str [, version])**             | check if the string is a UUID (version 3, 4 or 5).
 **isUppercase(str)**                    | check if the string is uppercase.
 **isVariableWidth(str)**                | check if the string contains a mixture of full and half-width chars.

diff --git a/lib/isURL.js b/lib/isURL.js
@@ -103,6 +103,9 @@ function isURL(url, options) {
 
   split = url.split('@');
   if (split.length > 1) {
+    if (options.disallow_auth) {
+      return false;
+    }
     auth = split.shift();
     if (auth.indexOf(':') >= 0 && auth.split(':').length > 2) {
       return false;

diff --git a/src/lib/isURL.js b/src/lib/isURL.js
@@ -77,6 +77,9 @@ export default function isURL(url, options) {
 
   split = url.split('@');
   if (split.length > 1) {
+    if (options.disallow_auth) {
+      return false;
+    }
     auth = split.shift();
     if (auth.indexOf(':') >= 0 && auth.split(':').length > 2) {
       return false;

diff --git a/test/validators.js b/test/validators.js
@@ -580,6 +580,20 @@ describe('Validators', () => {
     });
   });
 
+  it('should allow rejecting urls containing authentication information', () => {
+    test({
+      validator: 'isURL',
+      args: [{ disallow_auth: true }],
+      valid: [
+        'doe.com',
+      ],
+      invalid: [
+        '[email protected]',
+        'john:[email protected]',
+      ],
+    });
+  });
+
   it('should validate MAC addresses', () => {
     test({
       validator: 'isMACAddress',

diff --git a/validator.js b/validator.js
@@ -434,6 +434,9 @@ function isURL(url, options) {
 
   split = url.split('@');
   if (split.length > 1) {
+    if (options.disallow_auth) {
+      return false;
+    }
     auth = split.shift();
     if (auth.indexOf(':') >= 0 && auth.split(':').length > 2) {
       return false;

diff --git a/validator.min.js b/validator.min.js