parseurl-fast v1.2.0
parseurl-fast
A fast url parser
Parses an url with memoization using a single safe regex. Targets node only, so don't try to use in browser. Focuses on urls used at the server side.
Returns same parsing result as url.parse except:
- Does not parse
javascriptURIs - Does not parse some schemes. Please check
excludesintest/conformance.test.js
Usage
Install with
npm i -S parseurl-fastParse an Url with:
const parseurl = require('parseurl-fast')
const url = 'https://www.host.name:4000/path?query#hash'
const parsed = parseurl({url})
//> {
//> protocol: 'https:',
//> ...
//> }Benchmarks
node v8.11.4
$ npm run benchmark
---- url ----
node url.parse x 82,267 ops/sec ±1.70% (83 runs sampled)
parseurl x 83,700 ops/sec ±1.10% (90 runs sampled)
parseurl-fast x 231,092 ops/sec ±1.26% (91 runs sampled)
Fastest is parseurl-fast
---- long url ~8000 chars ----
node url.parse x 1,945 ops/sec ±0.49% (92 runs sampled)
parseurl x 1,929 ops/sec ±0.34% (94 runs sampled)
parseurl-fast x 10,051 ops/sec ±0.57% (90 runs sampled)
Fastest is parseurl-fast Security recommendations
This module can parse an infinite number of chars. To comply with RFC 7230 Section 3.1.1 which recommends a minimum of 8000 octets, you should limit the max. number of chars to such or even smaller extent (depends on your app). In such case respond with a 414 status code. The longer the urls the longer the parsing.
E.g. if using connect middlewares, do sth. like this:
const parseurl = require('parseurl-fast')
app.use((req, res, next) => {
let err
if (req.url.length <= 8000) {
parseurl(req)
} else {
err = new Error('URI Too Long')
err.status = 414
}
next(err)
})This module uses Regular Expressions for parsing, which may be subject to ReDoS attacks. Anyhow those expressions implemented should not contain any nondeterministic/ harmful states. The redos tool, was used to trace irregularities during development - check with npm run redos.