From feb9b107960f8785b8e302b01ade29de8957d9cf Mon Sep 17 00:00:00 2001
From: Ben McCann <322311+benmccann@users.noreply.github.com>
Date: Sun, 13 Nov 2022 00:48:45 -0800
Subject: [PATCH] fix: don't throw on malformed URLs (#10901)
---
 .../vite/src/node/__tests__/utils.spec.ts | 9 ++++-
 packages/vite/src/node/utils.ts | 34 +++++++++++--------
 2 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/packages/vite/src/node/__tests__/utils.spec.ts b/packages/vite/src/node/__tests__/utils.spec.ts
index 24d5a0205d58c5..fbd0b208b8200a 100644
--- a/packages/vite/src/node/__tests__/utils.spec.ts
+++ b/packages/vite/src/node/__tests__/utils.spec.ts
@@ -9,7 +9,8 @@ import {
 isFileReadable,
 isWindows,
 posToNumber,
- resolveHostname
+ resolveHostname,
+ shouldServe
 } from '../utils'
 
 describe('injectQuery', () => {
@@ -239,6 +240,12 @@ describe('asyncFlatten', () => {
 })
 })
 
+describe('shouldServe', () => {
+ test('returns false for malformed URLs', () => {
+ expect(shouldServe('/%c0%ae%c0%ae/etc/passwd', '/assets/dir')).toBe(false)
+ })
+})
+
 describe('isFileReadable', () => {
 test("file doesn't exist", async () => {
 expect(isFileReadable('/does_not_exist')).toBe(false)
diff --git a/packages/vite/src/node/utils.ts b/packages/vite/src/node/utils.ts
index 2356ef5e5f777a..f38cd9ba41dd92 100644
--- a/packages/vite/src/node/utils.ts
+++ b/packages/vite/src/node/utils.ts
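Review bot: The new `shouldServe` test does not record why its URL counts as malformed, and `toBe(false)` on its own would also hold for a well-formed path that simply does not exist under `/assets/dir`. A comment above the `expect`, such as `// %c0%ae is not valid UTF-8, so decodeURI throws URIError; shouldServe must return false rather than throw`, would make the regression being guarded explicit. A second case with a well-formed path would help separate "rejected as malformed" from "file not found", but how to fixture that is not visible from this hunk.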
@@ -1198,22 +1198,28 @@ export const isNonDriveRelativeAbsolutePath = (p: string): boolean => {
 * consistent behaviour between dev and prod and across operating systems.
 */
 export function shouldServe(url: string, assetsDir: string): boolean {
- // viteTestUrl is set to something like http://localhost:4173/ and then many tests make calls
- // like `await page.goto(viteTestUrl + '/example')` giving us URLs beginning with a double slash
- const pathname = decodeURI(
- new URL(url.startsWith('//') ? url.substring(1) : url, 'http://example.com')
- .pathname
- )
- const file = path.join(assetsDir, pathname)
- if (
- !fs.existsSync(file) ||
- (isCaseInsensitiveFS && // can skip case check on Linux
- !fs.statSync(file).isDirectory() &&
- !hasCorrectCase(file, assetsDir))
- ) {
+ try {
+ // viteTestUrl is set to something like http://localhost:4173/ and then many tests make calls
+ // like `await page.goto(viteTestUrl + '/example')` giving us URLs beginning with a double slash
+ const pathname = decodeURI(
+ new URL(
+ url.startsWith('//') ? url.substring(1) : url,
+ 'http://example.com'
+ ).pathname
+ )
+ const file = path.join(assetsDir, pathname)
+ if (
+ !fs.existsSync(file) ||
+ (isCaseInsensitiveFS && // can skip case check on Linux
+ !fs.statSync(file).isDirectory() &&
+ !hasCorrectCase(file, assetsDir))
+ ) {
+ return false
+ }
+ return true
+ } catch (err) {
 return false
 }
- return true
 }
 
 /**
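Review bot: The `try` in `shouldServe` wraps the whole body, so an exception from `fs.statSync` or `hasCorrectCase` is swallowed together with the `URIError` from `decodeURI` that the commit targets, and `err` is never used or logged. Narrowing the `try` to the URL parse/decode step and using a binding-less `catch` keeps the malformed-URL handling while letting unexpected filesystem failures surface. Separately, nothing in the hunk checks that `file` stays inside `assetsDir` after `path.join`; URL normalization or the caller may already guarantee this, but it is worth confirming since the pathname is decoded, presumably request-derived, input. The function body is fully inside the hunk; only its doc comment starts above it.

```typescript
export function shouldServe(url: string, assetsDir: string): boolean {
  let pathname: string
  try {
    // decodeURI throws URIError on invalid percent-encoding; treat that as "do not serve"
    pathname = decodeURI(
      new URL(
        url.startsWith('//') ? url.substring(1) : url,
        'http://example.com'
      ).pathname
    )
  } catch {
    return false
  }
  // … unchanged: path.join(assetsDir, pathname), existsSync / case-sensitivity check, return …
```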