LLRT (Low Latency Runtime) is an experimental, lightweight JavaScript runtime designed to address the growing demand for fast and efficient Serverless applications.
url.parse() uses a lenient, non-standard algorithm for parsing URL strings. It is prone to security issues such as host name spoofing and incorrect handling of usernames and passwords. Do not use with untrusted input. CVEs are not issued for url.parse() vulnerabilities. Use the WHATWG URL API instead.
Issue # (if available)
https://github.com/awslabs/llrt/issues/214
Description of changes
Adopt WHATWG URL Spec for ESM import syntax: https://nodejs.org/api/url.html#new-urlinput-base
Also noticed there was a bug in
URL.canParse()
and fixed it.Caveats
Original ticket: https://github.com/awslabs/llrt/issues/195 requested
URL.parse
however this has been deprecated, https://nodejs.org/api/url.html#urlparseurlstring-parsequerystring-slashesdenotehost,though it does seem to be used fairly widely, a succinct description of the situation is here: https://github.com/nodejs/node/issues/12682#issuecomment-736510378
along with discussion within WHATWG here: https://github.com/whatwg/url/issues/531
Future work
url
module helper functions: https://nodejs.org/api/url.html#urldomaintoasciidomain https://nodejs.org/api/url.html#urldomaintounicodedomain https://nodejs.org/api/url.html#urlfileurltopathurl https://nodejs.org/api/url.html#urlpathtofileurlpath https://nodejs.org/api/url.html#urlurltohttpoptionsurlURLSearchParams.sort()
andURLSearchParams.keys()
URL.toJSON()
is needed and implement if it is.Checklist
tests/unit
and/or in Rust for my feature if neededmake fix
to format JS and apply Clippy auto fixesmake check
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.