Nodejs/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-11-21 10:59:27 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity

errors: remove input from ERR_INVALID_URL message

Browse Source 
Avoid potentially huge messages and leaked secrets.

PR-URL: https://github.com/nodejs/node/pull/38614
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
This commit is contained in:
moander 2021-05-09 22:43:57 +02:00 committed by James M Snell
parent 3612229d44
commit 417c31b69a
No known key found for this signature in database
GPG Key ID: 7341B15C070877AC
3 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/internal/errors.js
View File

@ -1265,7 +1265,9 @@ E('ERR_INVALID_TUPLE', '%s must be an iterable %s tuple', TypeError);
E('ERR_INVALID_URI', 'URI malformed', URIError);
E('ERR_INVALID_URL', function(input) {
this.input = input;
return `Invalid URL: ${input}`;
// Don't include URL in message.
// (See https://github.com/nodejs/node/pull/38614)
return 'Invalid URL';
}, TypeError);
E('ERR_INVALID_URL_SCHEME',
(expected) => {

12
test/es-module/test-esm-loader-invalid-url.mjs
View File

@ -3,8 +3,12 @@ import { expectsError, mustCall } from '../common/index.mjs';
import assert from 'assert';
import('../fixtures/es-modules/test-esm-ok.mjs')
.then(assert.fail, expectsError({
code: 'ERR_INVALID_URL',
message: 'Invalid URL: ../fixtures/es-modules/test-esm-ok.mjs'
}))
.then(assert.fail, (error) => {
expectsError({
code: 'ERR_INVALID_URL',
message: 'Invalid URL'
})(error);
assert.strictEqual(error.input, '../fixtures/es-modules/test-esm-ok.mjs');
})
.then(mustCall());

7
test/parallel/test-whatwg-url-custom-parsing.js
View File

@ -55,11 +55,8 @@ for (const test of failureTests) {
() => new URL(test.input, test.base),
(error) => {
assert.throws(() => { throw error; }, expectedError);
// The input could be processed, so we don't do strict matching here
let match;
assert(match = (`${error}`).match(/Invalid URL: (.*)$/));
assert.strictEqual(error.input, match[1]);
assert.strictEqual(`${error}`, 'TypeError [ERR_INVALID_URL]: Invalid URL');
assert.strictEqual(error.message, 'Invalid URL');
return true;
});
}