Reject non-IPv4 hostnames that end in numbers

Follows whatwg/url#619.
jsdom · Jul 14, 2021 · 424bdbb · 424bdbb
1 parent a96b4f9
commit 424bdbb
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 9 deletions.
diff --git a/scripts/get-latest-platform-tests.js b/scripts/get-latest-platform-tests.js
@@ -23,7 +23,7 @@ process.on("unhandledRejection", err => {
 // 1. Go to https://github.com/w3c/web-platform-tests/tree/master/url
 // 2. Press "y" on your keyboard to get a permalink
 // 3. Copy the commit hash
-const commitHash = "706f8d143464de7d923dab391f3eab2469f042ae";
+const commitHash = "9d773b01a8b0461a96671140a640e85a3d02fb9a";
 
 const urlPrefix = `https://raw.githubusercontent.com/web-platform-tests/wpt/${commitHash}/url/`;
 const targetDir = path.resolve(__dirname, "..", "test", "web-platform-tests");

diff --git a/src/url-state-machine.js b/src/url-state-machine.js
@@ -77,6 +77,10 @@ function defaultPort(scheme) {
 }
 
 function parseIPv4Number(input) {
+  if (input === "") {
+    return failure;
+  }
+
   let R = 10;
 
   if (input.length >= 2 && input.charAt(0) === "0" && input.charAt(1).toLowerCase() === "x") {
@@ -115,17 +119,14 @@ function parseIPv4(input) {
   }
 
   if (parts.length > 4) {
-    return input;
+    return failure;
   }
 
   const numbers = [];
   for (const part of parts) {
-    if (part === "") {
-      return input;
-    }
     const n = parseIPv4Number(part);
     if (n === failure) {
-      return input;
+      return failure;
     }
 
     numbers.push(n);
@@ -347,14 +348,34 @@ function parseHost(input, isNotSpecialArg = false) {
     return failure;
   }
 
-  const ipv4Host = parseIPv4(asciiDomain);
-  if (typeof ipv4Host === "number" || ipv4Host === failure) {
-    return ipv4Host;
+  if (endsInANumber(asciiDomain)) {
+    return parseIPv4(asciiDomain);
   }
 
   return asciiDomain;
 }
 
+function endsInANumber(input) {
+  const parts = input.split(".");
+  if (parts[parts.length - 1] === "") {
+    if (parts.length === 1) {
+      return false;
+    }
+    parts.pop();
+  }
+
+  const last = parts[parts.length - 1];
+  if (parseIPv4Number(last) !== failure) {
+    return true;
+  }
+
+  if (/^[0-9]+$/u.test(last)) {
+    return true;
+  }
+
+  return false;
+}
+
 function parseOpaqueHost(input) {
   if (containsForbiddenHostCodePointExcludingPercent(input)) {
     return failure;