Let tldts check for invalid characters within URI/hostname (#19415)

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
This commit is contained in:
Daniel James Smith 2026-03-17 14:09:31 +01:00 committed by GitHub
parent eaf410f01f
commit 255a4ae4e5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 6 deletions

View File

@ -156,6 +156,11 @@ describe("Utils Service", () => {
expect(Utils.getHostname('https://bit!:"_&ward.com')).toBeNull();
});
it("should not treat '!' in query string as an invalid url", () => {
expect(Utils.getHostname("http://localhost:8080?a=!")).toBe("localhost");
expect(Utils.getHostname("https://bitwarden.com?q=!")).toBe("bitwarden.com");
});
it("should fail for data urls", () => {
expect(Utils.getHostname("data:image/jpeg;base64,AAA")).toBeNull();
});

View File

@ -434,12 +434,6 @@ export class Utils {
return null;
}
// Does uriString contain invalid characters
// TODO Needs to possibly be extended, although '!' is a reserved character
if (uriString.indexOf("!") > 0) {
return null;
}
try {
const hostname = getHostname(uriString, { validHosts: this.validHosts });
if (hostname != null) {