LLRT (Low Latency Runtime) is an experimental, lightweight JavaScript runtime designed to address the growing demand for fast and efficient Serverless applications.
url.parse() uses a lenient, non-standard algorithm for parsing URL strings. It is prone to security issues such as host name spoofing and incorrect handling of usernames and passwords. Do not use with untrusted input. CVEs are not issued for url.parse() vulnerabilities. Use the WHATWG URL API instead.
Issue # (if available)
https://github.com/awslabs/llrt/issues/214
Description of changes
Adopt WHATWG URL Spec for ESM import syntax: https://nodejs.org/api/url.html#new-urlinput-base
Also noticed there was a bug in
URL.canParse()and fixed it.Caveats
Original ticket: https://github.com/awslabs/llrt/issues/195 requested
URL.parsehowever this has been deprecated, https://nodejs.org/api/url.html#urlparseurlstring-parsequerystring-slashesdenotehost,though it does seem to be used fairly widely, a succinct description of the situation is here: https://github.com/nodejs/node/issues/12682#issuecomment-736510378
along with discussion within WHATWG here: https://github.com/whatwg/url/issues/531
Future work
urlmodule helper functions: https://nodejs.org/api/url.html#urldomaintoasciidomain https://nodejs.org/api/url.html#urldomaintounicodedomain https://nodejs.org/api/url.html#urlfileurltopathurl https://nodejs.org/api/url.html#urlpathtofileurlpath https://nodejs.org/api/url.html#urlurltohttpoptionsurlURLSearchParams.sort()andURLSearchParams.keys()URL.toJSON()is needed and implement if it is.Checklist
tests/unitand/or in Rust for my feature if neededmake fixto format JS and apply Clippy auto fixesmake checkBy submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.