mirror of
https://github.com/nodejs/node.git
synced 2024-11-24 20:29:23 +01:00
url: runtime deprecate url.parse
PR-URL: https://github.com/nodejs/node/pull/55017 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This commit is contained in:
parent
c124cfb4fa
commit
11fbdd8c9d
@ -3453,6 +3453,10 @@ Node-API callbacks.
|
||||
|
||||
<!-- YAML
|
||||
changes:
|
||||
- version:
|
||||
- REPLACEME
|
||||
pr-url: https://github.com/nodejs/node/pull/55017
|
||||
description: Application deprecation.
|
||||
- version:
|
||||
- v19.9.0
|
||||
- v18.17.0
|
||||
@ -3465,7 +3469,7 @@ changes:
|
||||
description: Documentation-only deprecation.
|
||||
-->
|
||||
|
||||
Type: Documentation-only (supports [`--pending-deprecation`][])
|
||||
Type: Application (non-`node_modules` code only)
|
||||
|
||||
[`url.parse()`][] behavior is not standardized and prone to errors that
|
||||
have security implications. Use the [WHATWG URL API][] instead. CVEs are not
|
||||
|
@ -46,6 +46,7 @@ const {
|
||||
// This ensures setURLConstructor() is called before the native
|
||||
// URL::ToObject() method is used.
|
||||
const { spliceOne } = require('internal/util');
|
||||
const { isInsideNodeModules } = internalBinding('util');
|
||||
|
||||
// WHATWG URL implementation provided by internal/url
|
||||
const {
|
||||
@ -63,8 +64,6 @@ const {
|
||||
|
||||
const bindingUrl = internalBinding('url');
|
||||
|
||||
const { getOptionValue } = require('internal/options');
|
||||
|
||||
// Original url.parse() API
|
||||
|
||||
function Url() {
|
||||
@ -125,7 +124,7 @@ const {
|
||||
let urlParseWarned = false;
|
||||
|
||||
function urlParse(url, parseQueryString, slashesDenoteHost) {
|
||||
if (!urlParseWarned && getOptionValue('--pending-deprecation')) {
|
||||
if (!urlParseWarned && !isInsideNodeModules(100, true)) {
|
||||
urlParseWarned = true;
|
||||
process.emitWarning(
|
||||
'`url.parse()` behavior is not standardized and prone to ' +
|
||||
|
@ -90,12 +90,12 @@ if (common.hasIntl) {
|
||||
});
|
||||
|
||||
// Warning should only happen once per process.
|
||||
const expectedWarning = [
|
||||
`The URL ${badURLs[0]} is invalid. Future versions of Node.js will throw an error.`,
|
||||
'DEP0170',
|
||||
];
|
||||
common.expectWarning({
|
||||
DeprecationWarning: expectedWarning,
|
||||
DeprecationWarning: {
|
||||
// eslint-disable-next-line @stylistic/js/max-len
|
||||
DEP0169: '`url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.',
|
||||
DEP0170: `The URL ${badURLs[0]} is invalid. Future versions of Node.js will throw an error.`,
|
||||
},
|
||||
});
|
||||
badURLs.forEach((badURL) => {
|
||||
url.parse(badURL);
|
||||
|
1
typings/internalBinding/util.d.ts
vendored
1
typings/internalBinding/util.d.ts
vendored
@ -45,4 +45,5 @@ export interface UtilBinding {
|
||||
guessHandleType(fd: number): 'TCP' | 'TTY' | 'UDP' | 'FILE' | 'PIPE' | 'UNKNOWN';
|
||||
parseEnv(content: string): Record<string, string>;
|
||||
styleText(format: Array<string> | string, text: string): string;
|
||||
isInsideNodeModules(frameLimit: number, defaultValue: unknown): boolean;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user