Skip to content

Commit

Permalink
url: runtime deprecate url.parse
Browse files Browse the repository at this point in the history
PR-URL: nodejs#55017
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: James M Snell <[email protected]>
  • Loading branch information
anonrig authored Oct 20, 2024
1 parent c124cfb commit 11fbdd8
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 9 deletions.
6 changes: 5 additions & 1 deletion doc/api/deprecations.md
Original file line number Diff line number Diff line change
Expand Up @@ -3453,6 +3453,10 @@ Node-API callbacks.

<!-- YAML
changes:
- version:
- REPLACEME
pr-url: https://github.com/nodejs/node/pull/55017
description: Application deprecation.
- version:
- v19.9.0
- v18.17.0
Expand All @@ -3465,7 +3469,7 @@ changes:
description: Documentation-only deprecation.
-->

Type: Documentation-only (supports [`--pending-deprecation`][])
Type: Application (non-`node_modules` code only)

[`url.parse()`][] behavior is not standardized and prone to errors that
have security implications. Use the [WHATWG URL API][] instead. CVEs are not
Expand Down
5 changes: 2 additions & 3 deletions lib/url.js
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ const {
// This ensures setURLConstructor() is called before the native
// URL::ToObject() method is used.
const { spliceOne } = require('internal/util');
const { isInsideNodeModules } = internalBinding('util');

// WHATWG URL implementation provided by internal/url
const {
Expand All @@ -63,8 +64,6 @@ const {

const bindingUrl = internalBinding('url');

const { getOptionValue } = require('internal/options');

// Original url.parse() API

function Url() {
Expand Down Expand Up @@ -125,7 +124,7 @@ const {
let urlParseWarned = false;

function urlParse(url, parseQueryString, slashesDenoteHost) {
if (!urlParseWarned && getOptionValue('--pending-deprecation')) {
if (!urlParseWarned && !isInsideNodeModules(100, true)) {
urlParseWarned = true;
process.emitWarning(
'`url.parse()` behavior is not standardized and prone to ' +
Expand Down
10 changes: 5 additions & 5 deletions test/parallel/test-url-parse-invalid-input.js
Original file line number Diff line number Diff line change
Expand Up @@ -90,12 +90,12 @@ if (common.hasIntl) {
});

// Warning should only happen once per process.
const expectedWarning = [
`The URL ${badURLs[0]} is invalid. Future versions of Node.js will throw an error.`,
'DEP0170',
];
common.expectWarning({
DeprecationWarning: expectedWarning,
DeprecationWarning: {
// eslint-disable-next-line @stylistic/js/max-len
DEP0169: '`url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.',
DEP0170: `The URL ${badURLs[0]} is invalid. Future versions of Node.js will throw an error.`,
},
});
badURLs.forEach((badURL) => {
url.parse(badURL);
Expand Down
1 change: 1 addition & 0 deletions typings/internalBinding/util.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -45,4 +45,5 @@ export interface UtilBinding {
guessHandleType(fd: number): 'TCP' | 'TTY' | 'UDP' | 'FILE' | 'PIPE' | 'UNKNOWN';
parseEnv(content: string): Record<string, string>;
styleText(format: Array<string> | string, text: string): string;
isInsideNodeModules(frameLimit: number, defaultValue: unknown): boolean;
}

0 comments on commit 11fbdd8

Please sign in to comment.