From 461ef04f87885ca0005a9fe5b0ff9d752c477964 Mon Sep 17 00:00:00 2001 From: Yagiz Nizipli Date: Thu, 23 Mar 2023 15:45:21 -0400 Subject: [PATCH] url: add pending-deprecation to `url.parse()` PR-URL: https://github.com/nodejs/node/pull/47203 Reviewed-By: James M Snell Reviewed-By: Darshan Sen Reviewed-By: Chengzhong Wu Reviewed-By: Matteo Collina Reviewed-By: Beth Griggs Reviewed-By: Joyee Cheung --- doc/api/deprecations.md | 5 ++++- lib/url.js | 15 +++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md index 7417817944e9be..fd5564c376153e 100644 --- a/doc/api/deprecations.md +++ b/doc/api/deprecations.md @@ -3280,13 +3280,16 @@ Node-API callbacks. -Type: Documentation-only +Type: Documentation-only (supports [`--pending-deprecation`][]) [`url.parse()`][] behavior is not standardized and prone to errors that have security implications. Use the [WHATWG URL API][] instead. CVEs are not diff --git a/lib/url.js b/lib/url.js index 9d2911cdf47f73..de77bda1159197 100644 --- a/lib/url.js +++ b/lib/url.js @@ -62,6 +62,8 @@ const { formatUrl, } = internalBinding('url'); +const { getOptionValue } = require('internal/options'); + // Original url.parse() API function Url() { @@ -146,7 +148,20 @@ const { CHAR_COLON, } = require('internal/constants'); +let urlParseWarned = false; + function urlParse(url, parseQueryString, slashesDenoteHost) { + if (!urlParseWarned && getOptionValue('--pending-deprecation')) { + urlParseWarned = true; + process.emitWarning( + '`url.parse()` behavior is not standardized and prone to ' + + 'errors that have security implications. Use the WHATWG URL API ' + + 'instead. CVEs are not issued for `url.parse()` vulnerabilities.', + 'DeprecationWarning', + 'DEP0169', + ); + } + if (url instanceof Url) return url; const urlObject = new Url();