0
0
mirror of https://github.com/nodejs/node.git synced 2024-11-24 12:10:08 +01:00

url: runtime deprecate url.parse

PR-URL: https://github.com/nodejs/node/pull/55017
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit is contained in:
Yagiz Nizipli 2024-10-20 15:01:37 -04:00 committed by GitHub
parent c124cfb4fa
commit 11fbdd8c9d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 13 additions and 9 deletions

View File

@ -3453,6 +3453,10 @@ Node-API callbacks.
<!-- YAML
changes:
- version:
- REPLACEME
pr-url: https://github.com/nodejs/node/pull/55017
description: Application deprecation.
- version:
- v19.9.0
- v18.17.0
@ -3465,7 +3469,7 @@ changes:
description: Documentation-only deprecation.
-->
Type: Documentation-only (supports [`--pending-deprecation`][])
Type: Application (non-`node_modules` code only)
[`url.parse()`][] behavior is not standardized and prone to errors that
have security implications. Use the [WHATWG URL API][] instead. CVEs are not

View File

@ -46,6 +46,7 @@ const {
// This ensures setURLConstructor() is called before the native
// URL::ToObject() method is used.
const { spliceOne } = require('internal/util');
const { isInsideNodeModules } = internalBinding('util');
// WHATWG URL implementation provided by internal/url
const {
@ -63,8 +64,6 @@ const {
const bindingUrl = internalBinding('url');
const { getOptionValue } = require('internal/options');
// Original url.parse() API
function Url() {
@ -125,7 +124,7 @@ const {
let urlParseWarned = false;
function urlParse(url, parseQueryString, slashesDenoteHost) {
if (!urlParseWarned && getOptionValue('--pending-deprecation')) {
if (!urlParseWarned && !isInsideNodeModules(100, true)) {
urlParseWarned = true;
process.emitWarning(
'`url.parse()` behavior is not standardized and prone to ' +

View File

@ -90,12 +90,12 @@ if (common.hasIntl) {
});
// Warning should only happen once per process.
const expectedWarning = [
`The URL ${badURLs[0]} is invalid. Future versions of Node.js will throw an error.`,
'DEP0170',
];
common.expectWarning({
DeprecationWarning: expectedWarning,
DeprecationWarning: {
// eslint-disable-next-line @stylistic/js/max-len
DEP0169: '`url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.',
DEP0170: `The URL ${badURLs[0]} is invalid. Future versions of Node.js will throw an error.`,
},
});
badURLs.forEach((badURL) => {
url.parse(badURL);

View File

@ -45,4 +45,5 @@ export interface UtilBinding {
guessHandleType(fd: number): 'TCP' | 'TTY' | 'UDP' | 'FILE' | 'PIPE' | 'UNKNOWN';
parseEnv(content: string): Record<string, string>;
styleText(format: Array<string> | string, text: string): string;
isInsideNodeModules(frameLimit: number, defaultValue: unknown): boolean;
}