|
@ -57,13 +57,12 @@ var protocolPattern = /^([a-z0-9.+-]+:)/i, |
|
|
unwise = ['{', '}', '|', '\\', '^', '~', '`'].concat(delims), |
|
|
unwise = ['{', '}', '|', '\\', '^', '~', '`'].concat(delims), |
|
|
|
|
|
|
|
|
// Allowed by RFCs, but cause of XSS attacks. Always escape these.
|
|
|
// Allowed by RFCs, but cause of XSS attacks. Always escape these.
|
|
|
autoEscape = ['\''].concat(delims), |
|
|
autoEscape = ['\''].concat(unwise), |
|
|
// Characters that are never ever allowed in a hostname.
|
|
|
// Characters that are never ever allowed in a hostname.
|
|
|
// Note that any invalid chars are also handled, but these
|
|
|
// Note that any invalid chars are also handled, but these
|
|
|
// are the ones that are *expected* to be seen, so we fast-path
|
|
|
// are the ones that are *expected* to be seen, so we fast-path
|
|
|
// them.
|
|
|
// them.
|
|
|
nonHostChars = ['%', '/', '?', ';', '#'] |
|
|
nonHostChars = ['%', '/', '?', ';', '#'].concat(autoEscape), |
|
|
.concat(unwise).concat(autoEscape), |
|
|
|
|
|
nonAuthChars = ['/', '@', '?', '#'].concat(delims), |
|
|
nonAuthChars = ['/', '@', '?', '#'].concat(delims), |
|
|
hostnameMaxLen = 255, |
|
|
hostnameMaxLen = 255, |
|
|
hostnamePartPattern = /^[a-z0-9A-Z_-]{0,63}$/, |
|
|
hostnamePartPattern = /^[a-z0-9A-Z_-]{0,63}$/, |
|
|