search

spamscanner / url-regex-safe

Regular expression matching for URL's. Maintained, safe, and browser-friendly version of url-regex. Resolves CVE-2020-7661 for Node.js servers.
https://forwardemail.net/docs/url-regex-javascript-node-js
MIT License
79 stars 16 forks source link

Invalid port #12

Closed issue-submission closed 9 months ago

issue-submission commented 2 years ago

Hi,

It seems that the regular expression considers as valid URLs containing a port that is not valid. For example: http://localhost:99999 or https://www.iana.org:65536.

pjotrsavitski commented 2 years ago

It seems that a few suggestions could be found here. Not sure how much would that affect the matching speed.

I suppose that this package is not trying to validate if the URL address in that much detail.

titanism commented 9 months ago

validator.isURL or another URL validator should be used on matches - however we'd welcome a PR to fix this and then would do a major semver bump on release to npm/GitHub