pax_global_header00006660000000000000000000000064132312532100014502gustar00rootroot0000000000000052 comment=1a7301e330bf20fd7c8c173102315e45cd1f5d1e encodeurl-1.0.2/000077500000000000000000000000001323125321000134625ustar00rootroot00000000000000encodeurl-1.0.2/.eslintignore000066400000000000000000000000261323125321000161630ustar00rootroot00000000000000coverage node_modules encodeurl-1.0.2/.eslintrc000066400000000000000000000000341323125321000153030ustar00rootroot00000000000000{ "extends": "standard" } encodeurl-1.0.2/.gitignore000066400000000000000000000000701323125321000154470ustar00rootroot00000000000000coverage/ node_modules/ npm-debug.log package-lock.json encodeurl-1.0.2/.travis.yml000066400000000000000000000017651323125321000156040ustar00rootroot00000000000000language: node_js node_js: - "0.8" - "0.10" - "0.12" - "1.8" - "2.5" - "3.3" - "4.8" - "5.12" - "6.12" - "7.10" - "8.9" sudo: false cache: directories: - node_modules before_install: # Skip updating shrinkwrap / lock - "npm config set shrinkwrap false" # Setup Node.js version-specific dependencies - "test $TRAVIS_NODE_VERSION != '0.8' || npm rm --save-dev istanbul" - "test $(echo $TRAVIS_NODE_VERSION | cut -d. -f1) -ge 4 || npm rm --save-dev $(grep -E '\"eslint\\S*\"' package.json | cut -d'\"' -f2)" # Update Node.js modules - "test ! -d node_modules || npm prune" - "test ! -d node_modules || npm rebuild" script: # Run test script, depending on istanbul install - "test ! -z $(npm -ps ls istanbul) || npm test" - "test -z $(npm -ps ls istanbul) || npm run-script test-travis" - "test -z $(npm -ps ls eslint ) || npm run-script lint" after_script: - "test -e ./coverage/lcov.info && npm install coveralls@2 && cat ./coverage/lcov.info | coveralls" encodeurl-1.0.2/HISTORY.md000066400000000000000000000003561323125321000151510ustar00rootroot000000000000001.0.2 / 2018-01-21 ================== * Fix encoding `%` as last character 1.0.1 / 2016-06-09 ================== * Fix encoding unpaired surrogates at start/end of string 1.0.0 / 2016-06-08 ================== * Initial release encodeurl-1.0.2/LICENSE000066400000000000000000000021011323125321000144610ustar00rootroot00000000000000(The MIT License) Copyright (c) 2016 Douglas Christopher Wilson Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. encodeurl-1.0.2/README.md000066400000000000000000000074171323125321000147520ustar00rootroot00000000000000# encodeurl [![NPM Version][npm-image]][npm-url] [![NPM Downloads][downloads-image]][downloads-url] [![Node.js Version][node-version-image]][node-version-url] [![Build Status][travis-image]][travis-url] [![Test Coverage][coveralls-image]][coveralls-url] Encode a URL to a percent-encoded form, excluding already-encoded sequences ## Installation This is a [Node.js](https://nodejs.org/en/) module available through the [npm registry](https://www.npmjs.com/). Installation is done using the [`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally): ```sh $ npm install encodeurl ``` ## API ```js var encodeUrl = require('encodeurl') ``` ### encodeUrl(url) Encode a URL to a percent-encoded form, excluding already-encoded sequences. This function will take an already-encoded URL and encode all the non-URL code points (as UTF-8 byte sequences). This function will not encode the "%" character unless it is not part of a valid sequence (`%20` will be left as-is, but `%foo` will be encoded as `%25foo`). This encode is meant to be "safe" and does not throw errors. It will try as hard as it can to properly encode the given URL, including replacing any raw, unpaired surrogate pairs with the Unicode replacement character prior to encoding. This function is _similar_ to the intrinsic function `encodeURI`, except it will not encode the `%` character if that is part of a valid sequence, will not encode `[` and `]` (for IPv6 hostnames) and will replace raw, unpaired surrogate pairs with the Unicode replacement character (instead of throwing). ## Examples ### Encode a URL containing user-controled data ```js var encodeUrl = require('encodeurl') var escapeHtml = require('escape-html') http.createServer(function onRequest (req, res) { // get encoded form of inbound url var url = encodeUrl(req.url) // create html message var body = '

Location ' + escapeHtml(url) + ' not found

' // send a 404 res.statusCode = 404 res.setHeader('Content-Type', 'text/html; charset=UTF-8') res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8'))) res.end(body, 'utf-8') }) ``` ### Encode a URL for use in a header field ```js var encodeUrl = require('encodeurl') var escapeHtml = require('escape-html') var url = require('url') http.createServer(function onRequest (req, res) { // parse inbound url var href = url.parse(req) // set new host for redirect href.host = 'localhost' href.protocol = 'https:' href.slashes = true // create location header var location = encodeUrl(url.format(href)) // create html message var body = '

Redirecting to new site: ' + escapeHtml(location) + '

' // send a 301 res.statusCode = 301 res.setHeader('Content-Type', 'text/html; charset=UTF-8') res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8'))) res.setHeader('Location', location) res.end(body, 'utf-8') }) ``` ## Testing ```sh $ npm test $ npm run lint ``` ## References - [RFC 3986: Uniform Resource Identifier (URI): Generic Syntax][rfc-3986] - [WHATWG URL Living Standard][whatwg-url] [rfc-3986]: https://tools.ietf.org/html/rfc3986 [whatwg-url]: https://url.spec.whatwg.org/ ## License [MIT](LICENSE) [npm-image]: https://img.shields.io/npm/v/encodeurl.svg [npm-url]: https://npmjs.org/package/encodeurl [node-version-image]: https://img.shields.io/node/v/encodeurl.svg [node-version-url]: https://nodejs.org/en/download [travis-image]: https://img.shields.io/travis/pillarjs/encodeurl.svg [travis-url]: https://travis-ci.org/pillarjs/encodeurl [coveralls-image]: https://img.shields.io/coveralls/pillarjs/encodeurl.svg [coveralls-url]: https://coveralls.io/r/pillarjs/encodeurl?branch=master [downloads-image]: https://img.shields.io/npm/dm/encodeurl.svg [downloads-url]: https://npmjs.org/package/encodeurl encodeurl-1.0.2/index.js000066400000000000000000000030621323125321000151300ustar00rootroot00000000000000/*! * encodeurl * Copyright(c) 2016 Douglas Christopher Wilson * MIT Licensed */ 'use strict' /** * Module exports. * @public */ module.exports = encodeUrl /** * RegExp to match non-URL code points, *after* encoding (i.e. not including "%") * and including invalid escape sequences. * @private */ var ENCODE_CHARS_REGEXP = /(?:[^\x21\x25\x26-\x3B\x3D\x3F-\x5B\x5D\x5F\x61-\x7A\x7E]|%(?:[^0-9A-Fa-f]|[0-9A-Fa-f][^0-9A-Fa-f]|$))+/g /** * RegExp to match unmatched surrogate pair. * @private */ var UNMATCHED_SURROGATE_PAIR_REGEXP = /(^|[^\uD800-\uDBFF])[\uDC00-\uDFFF]|[\uD800-\uDBFF]([^\uDC00-\uDFFF]|$)/g /** * String to replace unmatched surrogate pair with. * @private */ var UNMATCHED_SURROGATE_PAIR_REPLACE = '$1\uFFFD$2' /** * Encode a URL to a percent-encoded form, excluding already-encoded sequences. * * This function will take an already-encoded URL and encode all the non-URL * code points. This function will not encode the "%" character unless it is * not part of a valid sequence (`%20` will be left as-is, but `%foo` will * be encoded as `%25foo`). * * This encode is meant to be "safe" and does not throw errors. It will try as * hard as it can to properly encode the given URL, including replacing any raw, * unpaired surrogate pairs with the Unicode replacement character prior to * encoding. * * @param {string} url * @return {string} * @public */ function encodeUrl (url) { return String(url) .replace(UNMATCHED_SURROGATE_PAIR_REGEXP, UNMATCHED_SURROGATE_PAIR_REPLACE) .replace(ENCODE_CHARS_REGEXP, encodeURI) } encodeurl-1.0.2/package.json000066400000000000000000000021031323125321000157440ustar00rootroot00000000000000{ "name": "encodeurl", "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", "version": "1.0.2", "contributors": [ "Douglas Christopher Wilson " ], "license": "MIT", "keywords": [ "encode", "encodeurl", "url" ], "repository": "pillarjs/encodeurl", "devDependencies": { "eslint": "3.19.0", "eslint-config-standard": "10.2.1", "eslint-plugin-import": "2.8.0", "eslint-plugin-node": "5.2.1", "eslint-plugin-promise": "3.6.0", "eslint-plugin-standard": "3.0.1", "istanbul": "0.4.5", "mocha": "2.5.3" }, "files": [ "LICENSE", "HISTORY.md", "README.md", "index.js" ], "engines": { "node": ">= 0.8" }, "scripts": { "lint": "eslint .", "test": "mocha --reporter spec --bail --check-leaks test/", "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/", "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/" } } encodeurl-1.0.2/test/000077500000000000000000000000001323125321000144415ustar00rootroot00000000000000encodeurl-1.0.2/test/.eslintrc000066400000000000000000000000441323125321000162630ustar00rootroot00000000000000{ "env": { "mocha": true } } encodeurl-1.0.2/test/test.js000066400000000000000000000127041323125321000157620ustar00rootroot00000000000000 var assert = require('assert') var encodeUrl = require('..') describe('encodeUrl(url)', function () { describe('when url contains only allowed characters', function () { it('should keep URL the same', function () { assert.equal(encodeUrl('http://localhost/foo/bar.html?fizz=buzz#readme'), 'http://localhost/foo/bar.html?fizz=buzz#readme') }) it('should not touch IPv6 notation', function () { assert.equal(encodeUrl('http://[::1]:8080/foo/bar'), 'http://[::1]:8080/foo/bar') }) }) describe('when url contains invalid raw characters', function () { it('should encode LF', function () { assert.equal(encodeUrl('http://localhost/\nsnow.html'), 'http://localhost/%0Asnow.html') }) it('should encode FF', function () { assert.equal(encodeUrl('http://localhost/\fsnow.html'), 'http://localhost/%0Csnow.html') }) it('should encode CR', function () { assert.equal(encodeUrl('http://localhost/\rsnow.html'), 'http://localhost/%0Dsnow.html') }) it('should encode SP', function () { assert.equal(encodeUrl('http://localhost/ snow.html'), 'http://localhost/%20snow.html') }) it('should encode NULL', function () { assert.equal(encodeUrl('http://localhost/\0snow.html'), 'http://localhost/%00snow.html') }) it('should encode all expected characters from ASCII set', function () { assert.equal(encodeUrl('/\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f'), '/%00%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F') assert.equal(encodeUrl('/\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f'), '/%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F') assert.equal(encodeUrl('/\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f'), '/%20!%22#$%25&\'()*+,-./') assert.equal(encodeUrl('/\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f'), '/0123456789:;%3C=%3E?') assert.equal(encodeUrl('/\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f'), '/@ABCDEFGHIJKLMNO') assert.equal(encodeUrl('/\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f'), '/PQRSTUVWXYZ[%5C]%5E_') assert.equal(encodeUrl('/\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f'), '/%60abcdefghijklmno') assert.equal(encodeUrl('/\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f'), '/pqrstuvwxyz%7B%7C%7D~%7F') }) it('should encode all characters above ASCII as UTF-8 sequences', function () { assert.equal(encodeUrl('/\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f'), '/%C2%80%C2%81%C2%82%C2%83%C2%84%C2%85%C2%86%C2%87%C2%88%C2%89%C2%8A%C2%8B%C2%8C%C2%8D%C2%8E%C2%8F') assert.equal(encodeUrl('/\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f'), '/%C2%90%C2%91%C2%92%C2%93%C2%94%C2%95%C2%96%C2%97%C2%98%C2%99%C2%9A%C2%9B%C2%9C%C2%9D%C2%9E%C2%9F') assert.equal(encodeUrl('/\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf'), '/%C2%A0%C2%A1%C2%A2%C2%A3%C2%A4%C2%A5%C2%A6%C2%A7%C2%A8%C2%A9%C2%AA%C2%AB%C2%AC%C2%AD%C2%AE%C2%AF') assert.equal(encodeUrl('/\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf'), '/%C2%B0%C2%B1%C2%B2%C2%B3%C2%B4%C2%B5%C2%B6%C2%B7%C2%B8%C2%B9%C2%BA%C2%BB%C2%BC%C2%BD%C2%BE%C2%BF') assert.equal(encodeUrl('/\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf'), '/%C3%80%C3%81%C3%82%C3%83%C3%84%C3%85%C3%86%C3%87%C3%88%C3%89%C3%8A%C3%8B%C3%8C%C3%8D%C3%8E%C3%8F') assert.equal(encodeUrl('/\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf'), '/%C3%90%C3%91%C3%92%C3%93%C3%94%C3%95%C3%96%C3%97%C3%98%C3%99%C3%9A%C3%9B%C3%9C%C3%9D%C3%9E%C3%9F') assert.equal(encodeUrl('/\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef'), '/%C3%A0%C3%A1%C3%A2%C3%A3%C3%A4%C3%A5%C3%A6%C3%A7%C3%A8%C3%A9%C3%AA%C3%AB%C3%AC%C3%AD%C3%AE%C3%AF') assert.equal(encodeUrl('/\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff'), '/%C3%B0%C3%B1%C3%B2%C3%B3%C3%B4%C3%B5%C3%B6%C3%B7%C3%B8%C3%B9%C3%BA%C3%BB%C3%BC%C3%BD%C3%BE%C3%BF') }) }) describe('when url contains percent-encoded sequences', function () { it('should not encode the "%" character', function () { assert.equal(encodeUrl('http://localhost/%20snow.html'), 'http://localhost/%20snow.html') }) it('should not care if sequence is valid UTF-8', function () { assert.equal(encodeUrl('http://localhost/%F0snow.html'), 'http://localhost/%F0snow.html') }) it('should encode the "%" if not a valid sequence', function () { assert.equal(encodeUrl('http://localhost/%foo%bar%zap%'), 'http://localhost/%25foo%bar%25zap%25') }) }) describe('when url contains raw surrogate pairs', function () { it('should encode pair as UTF-8 byte sequences', function () { assert.equal(encodeUrl('http://localhost/\uD83D\uDC7B snow.html'), 'http://localhost/%F0%9F%91%BB%20snow.html') }) describe('when unpaired', function () { it('should encode as replacement character', function () { assert.equal(encodeUrl('http://localhost/\uD83Dfoo\uDC7B <\uDC7B\uD83D>.html'), 'http://localhost/%EF%BF%BDfoo%EF%BF%BD%20%3C%EF%BF%BD%EF%BF%BD%3E.html') }) it('should encode at end of string', function () { assert.equal(encodeUrl('http://localhost/\uD83D'), 'http://localhost/%EF%BF%BD') }) it('should encode at start of string', function () { assert.equal(encodeUrl('\uDC7Bfoo'), '%EF%BF%BDfoo') }) }) }) })