'use strict' const test = require('tape') const fastURI = require('..') test('parse marks malformed authority and port inputs as errors', (t) => { const malformedCases = [ { input: 'http://[::1]foo', expectedError: 'URI path must start with "/" when authority is present.' }, { input: 'http://[::1]:80abc/path', expectedError: 'URI path must start with "/" when authority is present.' }, { input: 'http://example.com:80abc/path', expectedError: 'URI path must start with "/" when authority is present.' }, { input: 'http://[::1]:65536', expectedError: 'URI port is malformed.' } ] t.plan(malformedCases.length) malformedCases.forEach(({ input, expectedError }) => { t.equal(fastURI.parse(input).error, expectedError, input) }) }) test('normalize does not canonicalize malformed URLs into different valid URLs', (t) => { const malformedCases = [ 'http://[::1]foo', 'http://[::1]:80abc/path', 'http://example.com:80abc/path', 'http://[::1]:65536' ] t.plan(malformedCases.length) malformedCases.forEach((input) => { t.equal(fastURI.normalize(input), input, input) }) }) test('equal returns false when either side is malformed', (t) => { const malformedPairs = [ ['http://[::1]foo', 'http://[::1]/foo'], ['http://[::1]:80abc/path', 'http://[::1]/abc/path'], ['http://example.com:80abc/path', 'http://example.com/abc/path'], ['http://[::1]:65536', 'http://[::1]:65536/'] ] t.plan(malformedPairs.length) malformedPairs.forEach(([left, right]) => { t.equal(fastURI.equal(left, right), false, `${left} != ${right}`) }) }) test('normalize preserves encoded authority delimiters in host', (t) => { const cases = [ ['http://trusted.com%40evil.com/', 'http://trusted.com%40evil.com/'], ['http://example.com%3A8080/', 'http://example.com%3A8080/'], ['http://example.com%2Fevil.com/path', 'http://example.com%2Fevil.com/path'], ['http://example.com%23fragment/path', 'http://example.com%23fragment/path'], ['http://example.com%3Fq=evil/path', 'http://example.com%3Fq=evil/path'], ['http://user%3Apass%40evil.com/', 'http://user%3Apass%40evil.com/'], ['http://user@trusted.com%40evil.com/', 'http://user@trusted.com%40evil.com/'], ['https://trusted.com%40evil.com/', 'https://trusted.com%40evil.com/'], ['ws://trusted.com%40evil.com/chat', 'ws://trusted.com%40evil.com/chat'], ['wss://trusted.com%40evil.com/chat', 'wss://trusted.com%40evil.com/chat'] ] t.plan(cases.length) cases.forEach(([input, expected]) => { t.equal(fastURI.normalize(input), expected, input) }) }) test('parse preserves encoded authority delimiters in host', (t) => { const cases = [ ['http://trusted.com%40evil.com/', 'trusted.com%40evil.com'], ['http://example.com%3A8080/', 'example.com%3A8080'], ['http://user%3Apass%40evil.com/', 'user%3Apass%40evil.com'] ] t.plan(cases.length) cases.forEach(([input, expectedHost]) => { t.equal(fastURI.parse(input).host, expectedHost, input) }) }) test('equal returns false when encoded delimiters differ from live delimiters', (t) => { const pairs = [ ['http://trusted.com%40evil.com/', 'http://trusted.com@evil.com/'], ['http://example.com%3A8080/', 'http://example.com:8080/'] ] t.plan(pairs.length) pairs.forEach(([left, right]) => { t.equal(fastURI.equal(left, right, {}), false, `${left} != ${right}`) }) }) test('resolve preserves encoded authority delimiters', (t) => { const result = fastURI.resolve('http://base.com/', '//trusted.com%40evil.com/path') const parsed = fastURI.parse(result) t.plan(1) t.notEqual(parsed.host, 'evil.com', '//trusted.com%40evil.com/path') }) test('serialize escapes authority delimiters in host field', (t) => { const result = fastURI.serialize({ scheme: 'http', host: 'trusted.com@evil.com', path: '/' }) const parsed = fastURI.parse(result) t.plan(1) t.notEqual(parsed.host, 'evil.com', 'host: trusted.com@evil.com') }) test('normalize does not double-decode %2540 into a live @', (t) => { const result = fastURI.normalize('http://trusted.com%2540evil.com/') const parsed = fastURI.parse(result) t.plan(1) t.notEqual(parsed.host, 'trusted.com@evil.com', 'http://trusted.com%2540evil.com/') })