0.2.1 • Published 3 years ago

secure-url v0.2.1

Weekly downloads
-
License
MIT
Repository
github
Last release
3 years ago

secure-url

Continuous Integration Package Manager CI NPM version GitHub package.json version Coverage Status GitHub

Install

npm install secure-url --save

yarn add secure-url

Usage

By default, the SecureURL do not allow any relative URL like //foo/bar, and it will not allowed to change the host if given.

The first two argument is same as URL and the return is same as URL. Note that one different is, if you update the property of return. It will not update the other property like URL do.

const SecureURL = require("secure-url");

const url = new SecureURL("//foo/bar");
url.href; // https://localhost.local/foo/bar

const url = new SecureURL("https//malicious.com/foo/bar", "https://foo.bar/");
url.href; // https://foo.bar/foo/bar

Option

mode and keepPort is the option that can modify the secure behavior.

Mode (path)

path mode is used to sanitize the given path and keep the base when given.

const SecureURL = require("secure-url");

const url = new SecureURL("//foo/bar", { mode: "path" });
url.href; // https://localhost.local/foo/bar

const url = new SecureURL("https//malicious.com/foo/bar", "https://foo.bar/", {
  mode: "path",
});
url.href; // https://foo.bar/foo/bar

Mode (relax)

relax mode is used to sanitize the given path and allowed to update the base.

const SecureURL = require("secure-url");

const url = new SecureURL("//foo/bar", { mode: "relax" });
url.href; // https://localhost.local/foo/bar

const url = new SecureURL("https//malicious.com/foo/bar", "https://foo.bar/", {
  mode: "relax",
});
url.href; // https//malicious.com/foo/bar

Mode (insecure)

insecure mode disable the sanitize for path and allowed to update the base.

const SecureURL = require("secure-url");

const url = new SecureURL("//foo/bar", "https://foo.bar/", {
  mode: "insecure",
});
url.href; // https://foo/bar

const url = new SecureURL("//malicious.com/foo/bar", "https://foo.bar/", {
  mode: "insecure",
});
url.href; // https://malicious.com/foo/bar

keepPort

keepPort is used when you what to keep the port when specify in URL. We have this behavior because by design URL will stripe the default port matching the protocol. By default: false

const SecureURL = require("secure-url");

const url = new SecureURL("/foo/bar", "https://localhost.local:443/", {
  keepPort: false,
});
url.href; // https://localhost.local/foo/bar

const url = new SecureURL("/foo/bar", "https://localhost.local:443/", {
  keepPort: true,
});
url.href; // https://localhost.local:443/foo/bar
@infinitebrahmanuniverse/nolb-sec@everything-registry/sub-chunk-2726
0.2.1

3 years ago

0.2.0

3 years ago

0.1.0

3 years ago

0.0.0

3 years ago