@nodesecure/js-x-ray 11.0.0 → 11.0.1
- package/dist/ShadyURL.d.ts.map +1 -1
- package/dist/ShadyURL.js +36 -0
- package/dist/ShadyURL.js.map +1 -1
- package/package.json +1 -1
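--- a/package/dist/ShadyURL.d.ts.map
+++ b/package/dist/ShadyURL.d.ts.map
@@ -1 +1 @@
-{"version":3,"file":"ShadyURL.d.ts","sourceRoot":"","sources":["../src/ShadyURL.ts"],"names":[],"mappings":"
+{"version":3,"file":"ShadyURL.d.ts","sourceRoot":"","sources":["../src/ShadyURL.ts"],"names":[],"mappings":"AA0CA,qBAAa,QAAQ;;IACnB,MAAM,CAAC,MAAM,CACX,KAAK,EAAE,MAAM,GACZ,OAAO;CA0CX"}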
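--- a/package/dist/ShadyURL.js
+++ b/package/dist/ShadyURL.js
@@ -5,12 +5,48 @@ const kShadyLinkRegExps = [
 /(http[s]?:\/\/(bit\.ly|ipinfo\.io|httpbin\.org|api\.ipify\.org).*)$/,
 /(http[s]?:\/\/.*\.(link|xyz|tk|ml|ga|cf|gq|pw|top|club|mw|bd|ke|am|sbs|date|quest|cd|bid|ws|icu|cam|uno|email|stream))$/
 ];
+// List of known URI schemes (IANA registered + common ones)
+// See: https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml
+const kKnownProtocols = new Set([
+// Web
+"http:", "https:",
+// File & Data
+"file:", "data:", "blob:",
+// FTP
+"ftp:", "ftps:", "sftp:", "tftp:",
+// Mail & Messaging
+"mailto:", "xmpp:", "irc:", "ircs:", "sip:", "sips:", "tel:", "sms:", "mms:",
+// Remote access
+"ssh:", "telnet:", "vnc:", "rdp:",
+// Version control
+"git:", "svn:", "cvs:", "hg:",
+// P2P & Torrents
+"magnet:", "ed2k:", "torrent:",
+// Crypto & Blockchain
+"bitcoin:", "ethereum:", "ipfs:", "ipns:",
+// App-specific
+"slack:", "discord:", "spotify:", "steam:", "skype:", "zoommtg:", "msteams:",
+"vscode:", "vscode-insiders:", "jetbrains:",
+// Mobile & Desktop deep links
+"intent:", "market:", "itms:", "itms-apps:", "fb:", "twitter:", "instagram:", "whatsapp:", "tg:",
+// Other common protocols
+"ws:", "wss:", "ldap:", "ldaps:", "nntp:", "news:", "rtsp:", "rtspu:", "rtsps:",
+"webcal:", "feed:", "podcast:",
+// eslint-disable-next-line no-script-url
+"javascript:", "about:", "view-source:",
+// Security related
+"acap:", "cap:", "cid:", "mid:", "urn:", "tag:", "dns:", "geo:", "ni:", "nih:"
+]);
 export class ShadyURL {
 static isSafe(input) {
 if (!URL.canParse(input)) {
 return true;
 }
 const parsedUrl = new URL(input);
+// Unknown protocol, not a real URL
+if (!kKnownProtocols.has(parsedUrl.protocol)) {
+return true;
+}
 const hostname = parsedUrl.hostname;
 if (ipaddress.isValid(hostname)) {
 if (this.#isPrivateIPAddress(hostname)) {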
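Review bot: The new early return in `isSafe` (`if (!kKnownProtocols.has(parsedUrl.protocol)) { return true; }`) fails open: any parseable URL whose scheme is missing from the hand-maintained `kKnownProtocols` set is reported as safe before the hostname and private-IP checks below (and presumably the `kShadyLinkRegExps` match) can run, even when the URL does carry a host. If the aim is only to stop flagging `key:value`-style strings that `URL.canParse` accepts, consider limiting the shortcut to inputs without a host, e.g. `if (!kKnownProtocols.has(parsedUrl.protocol) && parsedUrl.hostname === "") {`. Failing that, the comment should state the contract, e.g. `// Unlisted scheme: treated as safe (fail-open), so kKnownProtocols must stay complete`. The lookup itself is case-safe because the URL parser lowercases `protocol`. The body of `isSafe` continues past the end of this hunk, so how listed schemes without a host (`javascript:`, `data:`) are handled is not visible here.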
package/dist/ShadyURL.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ShadyURL.js","sourceRoot":"","sources":["../src/ShadyURL.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,YAAY;AACZ,MAAM,iBAAiB,GAAG;IACxB,qEAAqE;IACrE,yHAAyH;CAC1H,CAAC;AAEF,MAAM,OAAO,QAAQ;IACnB,MAAM,CAAC,MAAM,CACX,KAAa;QAEb,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;QACpC,IAAI,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,IAAI,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACnD,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,CAAC,mBAAmB,CACxB,SAAiB;QAEjB,IAAI,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAEpC,IAAI,EAAE,YAAY,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAC7D,EAAE,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"ShadyURL.js","sourceRoot":"","sources":["../src/ShadyURL.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,YAAY;AACZ,MAAM,iBAAiB,GAAG;IACxB,qEAAqE;IACrE,yHAAyH;CAC1H,CAAC;AAEF,4DAA4D;AAC5D,sEAAsE;AACtE,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,MAAM;IACN,OAAO,EAAE,QAAQ;IACjB,cAAc;IACd,OAAO,EAAE,OAAO,EAAE,OAAO;IACzB,MAAM;IACN,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IACjC,mBAAmB;IACnB,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC5E,gBAAgB;IAChB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM;IACjC,kBAAkB;IAClB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK;IAC7B,iBAAiB;IACjB,SAAS,EAAE,OAAO,EAAE,UAAU;IAC9B,sBAAsB;IACtB,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO;IACzC,eAAe;IACf,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU;IAC5E,SAAS,EAAE,kBAAkB,EAAE,YAAY;IAC3C,8BAA8B;IAC9B,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,KAAK;IAChG,yBAAyB;IACzB,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;IAC/E,SAAS,EAAE,OAAO,EAAE,UAAU;IAC9B,yCAAyC;IACzC,aAAa,EAAE,QAAQ,EAAE,cAAc;IACvC,mBAAmB;IACnB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;CAC/E,CAAC,CAAC;AAEH,MAAM,OAAO,QAAQ;IACnB,MAAM,CAAC,MAAM,CACX,KAAa;QAEb,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACjC,mCAAmC;QACnC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;QACpC,IAAI,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,IAAI,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACnD,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,CAAC,mBAAmB,
CACxB,SAAiB;QAEjB,IAAI,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAEpC,IAAI,EAAE,YAAY,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAC7D,EAAE,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|