Home Verkennen Help
Inloggen
agibalov
/
cursach
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: d1106a4bc7
Aftakkingen Labels
cursach
/
AdelApp-master
/
Api
/
node_modules
/
validator
/
es
/
lib
/
isURL.js

isURL.js 10 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241 
  1. function _slicedToArray(r, e) { return _arrayWithHoles(r) || _iterableToArrayLimit(r, e) || _unsupportedIterableToArray(r, e) || _nonIterableRest(); }
    2. 

  2. function _nonIterableRest() { throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); }
    3. 

  3. function _unsupportedIterableToArray(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : void 0; } }
    4. 

  4. function _arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
    5. 

  5. function _iterableToArrayLimit(r, l) { var t = null == r ? null : "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (null != t) { var e, n, i, u, a = [], f = !0, o = !1; try { if (i = (t = t.call(r)).next, 0 === l) { if (Object(t) !== t) return; f = !1; } else for (; !(f = (e = i.call(t)).done) && (a.push(e.value), a.length !== l); f = !0); } catch (r) { o = !0, n = r; } finally { try { if (!f && null != t["return"] && (u = t["return"](), Object(u) !== u)) return; } finally { if (o) throw n; } } return a; } }
    6. 

  6. function _arrayWithHoles(r) { if (Array.isArray(r)) return r; }
    7. 

  7. import assertString from './util/assertString';
    8. 

  8. import checkHost from './util/checkHost';
    9. 

  9. import includes from './util/includesString';
    10. 

  10. import isFQDN from './isFQDN';
    11. 

  11. import isIP from './isIP';
    12. 

  12. import merge from './util/merge';
    13. 

  13. 

  14. /*
    15. 

  15. options for isURL method
    16. 

  16. 

  17. protocols - valid protocols can be modified with this option.
    18. 

  18. require_tld - If set to false isURL will not check if the URL's host includes a top-level domain.
    19. 

  19. require_protocol - if set to true isURL will return false if protocol is not present in the URL.
    20. 

  20. require_host - if set to false isURL will not check if host is present in the URL.
    21. 

  21. require_port - if set to true isURL will check if port is present in the URL.
    22. 

  22. require_valid_protocol - isURL will check if the URL's protocol is present in the protocols option.
    23. 

  23. allow_underscores - if set to true, the validator will allow underscores in the URL.
    24. 

  24. host_whitelist - if set to an array of strings or regexp, and the domain matches none of the strings
    25. 

  25.                  defined in it, the validation fails.
    26. 

  26. host_blacklist - if set to an array of strings or regexp, and the domain matches any of the strings
    27. 

  27.                  defined in it, the validation fails.
    28. 

  28. allow_trailing_dot - if set to true, the validator will allow the domain to end with
    29. 

  29.                      a `.` character.
    30. 

  30. allow_protocol_relative_urls - if set to true protocol relative URLs will be allowed.
    31. 

  31. allow_fragments - if set to false isURL will return false if fragments are present.
    32. 

  32. allow_query_components - if set to false isURL will return false if query components are present.
    33. 

  33. disallow_auth - if set to true, the validator will fail if the URL contains an authentication
    34. 

  34.                 component, e.g. `http://username:password@example.com`
    35. 

  35. validate_length - if set to false isURL will skip string length validation. `max_allowed_length`
    36. 

  36.                   will be ignored if this is set as `false`.
    37. 

  37. max_allowed_length - if set, isURL will not allow URLs longer than the specified value (default is
    38. 

  38.                      2084 that IE maximum URL length).
    39. 

  39. 

  40. */
    41. 

  41. 

  42. var default_url_options = {
    43. 

  43.   protocols: ['http', 'https', 'ftp'],
    44. 

  44.   require_tld: true,
    45. 

  45.   require_protocol: false,
    46. 

  46.   require_host: true,
    47. 

  47.   require_port: false,
    48. 

  48.   require_valid_protocol: true,
    49. 

  49.   allow_underscores: false,
    50. 

  50.   allow_trailing_dot: false,
    51. 

  51.   allow_protocol_relative_urls: false,
    52. 

  52.   allow_fragments: true,
    53. 

  53.   allow_query_components: true,
    54. 

  54.   validate_length: true,
    55. 

  55.   max_allowed_length: 2084
    56. 

  56. };
    57. 

  57. var wrapped_ipv6 = /^\[([^\]]+)\](?::([0-9]+))?$/;
    58. 

  58. export default function isURL(url, options) {
    59. 

  59.   assertString(url);
    60. 

  60.   if (!url || /[\s<>]/.test(url)) {
    61. 

  61.     return false;
    62. 

  62.   }
    63. 

  63.   if (url.indexOf('mailto:') === 0) {
    64. 

  64.     return false;
    65. 

  65.   }
    66. 

  66.   options = merge(options, default_url_options);
    67. 

  67.   if (options.validate_length && url.length > options.max_allowed_length) {
    68. 

  68.     return false;
    69. 

  69.   }
    70. 

  70.   if (!options.allow_fragments && includes(url, '#')) {
    71. 

  71.     return false;
    72. 

  72.   }
    73. 

  73.   if (!options.allow_query_components && (includes(url, '?') || includes(url, '&'))) {
    74. 

  74.     return false;
    75. 

  75.   }
    76. 

  76.   var protocol, auth, host, hostname, port, port_str, split, ipv6;
    77. 

  77.   split = url.split('#');
    78. 

  78.   url = split.shift();
    79. 

  79.   split = url.split('?');
    80. 

  80.   url = split.shift();
    81. 

  81. 

  82.   // Replaced the 'split("://")' logic with a regex to match the protocol.
    83. 

  83.   // This correctly identifies schemes like `javascript:` which don't use `//`.
    84. 

  84.   // However, we need to be careful not to confuse authentication credentials (user:password@host)
    85. 

  85.   // with protocols. A colon before an @ symbol might be part of auth, not a protocol separator.
    86. 

  86.   var protocol_match = url.match(/^([a-z][a-z0-9+\-.]*):/i);
    87. 

  87.   var had_explicit_protocol = false;
    88. 

  88.   var cleanUpProtocol = function cleanUpProtocol(potential_protocol) {
    89. 

  89.     had_explicit_protocol = true;
    90. 

  90.     protocol = potential_protocol.toLowerCase();
    91. 

  91.     if (options.require_valid_protocol && options.protocols.indexOf(protocol) === -1) {
    92. 

  92.       // The identified protocol is not in the allowed list.
    93. 

  93.       return false;
    94. 

  94.     }
    95. 

  95. 

  96.     // Remove the protocol from the URL string.
    97. 

  97.     return url.substring(protocol_match[0].length);
    98. 

  98.   };
    99. 

  99.   if (protocol_match) {
    100. 

  100.     var potential_protocol = protocol_match[1];
    101. 

  101.     var after_colon = url.substring(protocol_match[0].length);
    102. 

  102. 

  103.     // Check if what follows looks like authentication credentials (user:password@host)
    104. 

  104.     // rather than a protocol. This happens when:
    105. 

  105.     // 1. There's no `//` after the colon (protocols like `http://` have this)
    106. 

  106.     // 2. There's an `@` symbol before any `/`
    107. 

  107.     // 3. The part before `@` contains only valid auth characters (alphanumeric, -, _, ., %, :)
    108. 

  108.     var starts_with_slashes = after_colon.slice(0, 2) === '//';
    109. 

  109.     if (!starts_with_slashes) {
    110. 

  110.       var first_slash_position = after_colon.indexOf('/');
    111. 

  111.       var before_slash = first_slash_position === -1 ? after_colon : after_colon.substring(0, first_slash_position);
    112. 

  112.       var at_position = before_slash.indexOf('@');
    113. 

  113.       if (at_position !== -1) {
    114. 

  114.         var before_at = before_slash.substring(0, at_position);
    115. 

  115.         var valid_auth_regex = /^[a-zA-Z0-9\-_.%:]*$/;
    116. 

  116.         var is_valid_auth = valid_auth_regex.test(before_at);
    117. 

  117. 

  118.         // Check if this contains URL-encoded content that could be malicious
    119. 

  119.         // For example: javascript:%61%6c%65%72%74%28%31%29@example.com
    120. 

  120.         // The encoded part decodes to: alert(1)
    121. 

  121.         var has_encoded_content = /%[0-9a-fA-F]{2}/.test(before_at);
    122. 

  122.         if (is_valid_auth && !has_encoded_content) {
    123. 

  123.           // This looks like authentication (e.g., user:password@host), not a protocol
    124. 

  124.           if (options.require_protocol) {
    125. 

  125.             return false;
    126. 

  126.           }
    127. 

  127. 

  128.           // Don't consume the colon; let the auth parsing handle it later
    129. 

  129.         } else {
    130. 

  130.           // This looks like a malicious protocol (e.g., javascript:alert();@host)
    131. 

  131.           // or URL-encoded protocol handler (e.g., javascript:%61%6c%65%72%74%28%31%29@host)
    132. 

  132.           url = cleanUpProtocol(potential_protocol);
    133. 

  133.           if (url === false) {
    134. 

  134.             return false;
    135. 

  135.           }
    136. 

  136.         }
    137. 

  137.       } else {
    138. 

  138.         // No @ symbol found. Check if this could be a port number instead of a protocol.
    139. 

  139.         // If what's after the colon is numeric (or starts with a digit and contains only
    140. 

  140.         // valid port characters until a path separator), it's likely hostname:port, not a protocol.
    141. 

  141.         var looks_like_port = /^[0-9]/.test(after_colon);
    142. 

  142.         if (looks_like_port) {
    143. 

  143.           // This looks like hostname:port, not a protocol
    144. 

  144.           if (options.require_protocol) {
    145. 

  145.             return false;
    146. 

  146.           }
    147. 

  147.           // Don't consume anything; let it be parsed as hostname:port
    148. 

  148.         } else {
    149. 

  149.           // This is definitely a protocol
    150. 

  150.           url = cleanUpProtocol(potential_protocol);
    151. 

  151.           if (url === false) {
    152. 

  152.             return false;
    153. 

  153.           }
    154. 

  154.         }
    155. 

  155.       }
    156. 

  156.     } else {
    157. 

  157.       // Starts with '//', this is definitely a protocol like http://
    158. 

  158.       url = cleanUpProtocol(potential_protocol);
    159. 

  159.       if (url === false) {
    160. 

  160.         return false;
    161. 

  161.       }
    162. 

  162.     }
    163. 

  163.   } else if (options.require_protocol) {
    164. 

  164.     return false;
    165. 

  165.   }
    166. 

  166. 

  167.   // Handle leading '//' only as protocol-relative when there was NO explicit protocol.
    168. 

  168.   // If there was an explicit protocol, '//' is the normal separator
    169. 

  169.   // and should be stripped unconditionally.
    170. 

  170.   if (url.slice(0, 2) === '//') {
    171. 

  171.     if (!had_explicit_protocol && !options.allow_protocol_relative_urls) {
    172. 

  172.       return false;
    173. 

  173.     }
    174. 

  174.     url = url.slice(2);
    175. 

  175.   }
    176. 

  176.   if (url === '') {
    177. 

  177.     return false;
    178. 

  178.   }
    179. 

  179.   split = url.split('/');
    180. 

  180.   url = split.shift();
    181. 

  181.   if (url === '' && !options.require_host) {
    182. 

  182.     return true;
    183. 

  183.   }
    184. 

  184.   split = url.split('@');
    185. 

  185.   if (split.length > 1) {
    186. 

  186.     if (options.disallow_auth) {
    187. 

  187.       return false;
    188. 

  188.     }
    189. 

  189.     if (split[0] === '') {
    190. 

  190.       return false;
    191. 

  191.     }
    192. 

  192.     auth = split.shift();
    193. 

  193.     if (auth.indexOf(':') >= 0 && auth.split(':').length > 2) {
    194. 

  194.       return false;
    195. 

  195.     }
    196. 

  196.     var _auth$split = auth.split(':'),
    197. 

  197.       _auth$split2 = _slicedToArray(_auth$split, 2),
    198. 

  198.       user = _auth$split2[0],
    199. 

  199.       password = _auth$split2[1];
    200. 

  200.     if (user === '' && password === '') {
    201. 

  201.       return false;
    202. 

  202.     }
    203. 

  203.   }
    204. 

  204.   hostname = split.join('@');
    205. 

  205.   port_str = null;
    206. 

  206.   ipv6 = null;
    207. 

  207.   var ipv6_match = hostname.match(wrapped_ipv6);
    208. 

  208.   if (ipv6_match) {
    209. 

  209.     host = '';
    210. 

  210.     ipv6 = ipv6_match[1];
    211. 

  211.     port_str = ipv6_match[2] || null;
    212. 

  212.   } else {
    213. 

  213.     split = hostname.split(':');
    214. 

  214.     host = split.shift();
    215. 

  215.     if (split.length) {
    216. 

  216.       port_str = split.join(':');
    217. 

  217.     }
    218. 

  218.   }
    219. 

  219.   if (port_str !== null && port_str.length > 0) {
    220. 

  220.     port = parseInt(port_str, 10);
    221. 

  221.     if (!/^[0-9]+$/.test(port_str) || port <= 0 || port > 65535) {
    222. 

  222.       return false;
    223. 

  223.     }
    224. 

  224.   } else if (options.require_port) {
    225. 

  225.     return false;
    226. 

  226.   }
    227. 

  227.   if (options.host_whitelist) {
    228. 

  228.     return checkHost(host, options.host_whitelist);
    229. 

  229.   }
    230. 

  230.   if (host === '' && !options.require_host) {
    231. 

  231.     return true;
    232. 

  232.   }
    233. 

  233.   if (!isIP(host) && !isFQDN(host, options) && (!ipv6 || !isIP(ipv6, 6))) {
    234. 

  234.     return false;
    235. 

  235.   }
    236. 

  236.   host = host || ipv6;
    237. 

  237.   if (options.host_blacklist && checkHost(host, options.host_blacklist)) {
    238. 

  238.     return false;
    239. 

  239.   }
    240. 

  240.   return true;
    241. 

  241. }
    242.