Reject protocol relative URLs unless the flag is set, fixes #860
chriso committed Jul 31, 2018
1 parent 5733145 commit ae81250
Showing 6 changed files with 16 additions and 4 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,8 @@
([#848](https://github.com/chriso/validator.js/pull/848))
- Added a `no_colons` option to `isMACAddress()`
([#849](https://github.com/chriso/validator.js/pull/849))
- Updated `isURL()` to reject protocol relative URLs unless a flag is set
([#860](https://github.com/chriso/validator.js/issues/860))
- New and improved locales
([#801](https://github.com/chriso/validator.js/pull/801),
[#856](https://github.com/chriso/validator.js/pull/856),
5 changes: 4 additions & 1 deletion lib/isURL.js
Expand Up @@ -82,7 +82,10 @@ function isURL(url, options) {
}
} else if (options.require_protocol) {
return false;
} else if (options.allow_protocol_relative_urls && url.substr(0, 2) === '//') {
} else if (url.substr(0, 2) === '//') {
if (!options.allow_protocol_relative_urls) {
return false;
}
split[0] = url.substr(2);
}
url = split.join('://');
5 changes: 4 additions & 1 deletion src/lib/isURL.js
Expand Up @@ -56,7 +56,10 @@ export default function isURL(url, options) {
}
} else if (options.require_protocol) {
return false;
} else if (options.allow_protocol_relative_urls && url.substr(0, 2) === '//') {
} else if (url.substr(0, 2) === '//') {
if (!options.allow_protocol_relative_urls) {
return false;
}
split[0] = url.substr(2);
}
url = split.join('://');
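Review bot: The `//` branch added to isURL carries no comment saying why scheme-relative input is now refused by default, and its precedence is easy to misread: the `options.require_protocol` branch directly above returns first, so for input that falls through this chain `allow_protocol_relative_urls` has no effect once `require_protocol` is set. I would put `// "//host" takes its scheme from the embedding page and still points at another host; accept it only on opt-in` above the check and state the precedence where the option is documented. Callers that do set the flag should treat an accepted value as an absolute off-site target, which is worth saying in the same place. On style, `url.substr(0, 2) === '//'` can be written `url.slice(0, 2) === '//'`, since `substr` is a legacy method. isURL starts and ends outside this hunk; the lib/isURL.js and validator.js sections show the same change and look like build output of this file.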
1 change: 1 addition & 0 deletions test/validators.js
Expand Up @@ -302,6 +302,7 @@ describe('Validators', () => {
],
invalid: [
'http://localhost:3000/',
'//foobar.com',
'xyz://foobar.com',
'invalid/',
'invalid.x',
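Review bot: The added `'//foobar.com'` entry pins only the default rejection; nothing in this hunk asserts that the same input is still accepted with `allow_protocol_relative_urls` set, or that it stays rejected when `require_protocol` is set as well (such cases may exist outside the hunk). Because the new check in isURL matches only a literal leading `//`, I would also add to this invalid list the spellings a browser may resolve the same way, such as a backslash in place of one slash or leading whitespace, so that their rejection is covered by a regression test rather than left to the host validation later in the function. The enclosing test case starts and ends outside the hunk, so the options this list runs under are not visible here.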
5 changes: 4 additions & 1 deletion validator.js
Expand Up @@ -402,7 +402,10 @@ function isURL(url, options) {
}
} else if (options.require_protocol) {
return false;
} else if (options.allow_protocol_relative_urls && url.substr(0, 2) === '//') {
} else if (url.substr(0, 2) === '//') {
if (!options.allow_protocol_relative_urls) {
return false;
}
split[0] = url.substr(2);
}
url = split.join('://');
2 changes: 1 addition & 1 deletion validator.min.js

Large diffs are not rendered by default.
