Browse Source

url: ~ is not actually an unwise char

v0.11.1-release
isaacs 12 years ago
parent
commit
881ef7cc5f
  1. 2
      lib/url.js
  2. 6
      test/simple/test-url.js

2
lib/url.js

@ -54,7 +54,7 @@ var protocolPattern = /^([a-z0-9.+-]+:)/i,
delims = ['<', '>', '"', '`', ' ', '\r', '\n', '\t'],
// RFC 2396: characters not allowed for various reasons.
unwise = ['{', '}', '|', '\\', '^', '~', '`'].concat(delims),
unwise = ['{', '}', '|', '\\', '^', '`'].concat(delims),
// Allowed by RFCs, but cause of XSS attacks. Always escape these.
autoEscape = ['\''].concat(unwise),

6
test/simple/test-url.js

@ -747,9 +747,9 @@ var parseTests = {
host: 'x:1',
port: '1',
hostname: 'x',
pathname: '/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E%7E%60/',
path: '/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E%7E%60/',
href: 'http://x:1/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E%7E%60/'
pathname: '/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E~%60/',
path: '/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E~%60/',
href: 'http://x:1/%27%20%3C%3E%22%60/%7B%7D%7C%5C%5E~%60/'
},
};

Loading…
Cancel
Save