OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2026-01-15 12:15:26 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

doc: provide alternative to url.parse() using WHATWG URL

Browse Source 
PR-URL: https://github.com/nodejs/node/pull/59736
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
This commit is contained in:
Steven
2025-09-02 15:49:10 -04:00
committed by Node.js GitHub Bot
parent ce72fccc9d
commit 157cfdeeb3
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
doc/api/url.md
View File

@@ -1847,7 +1847,15 @@ A `URIError` is thrown if the `auth` property is present but cannot be decoded.
strings. It is prone to security issues such as [host name spoofing][]
and incorrect handling of usernames and passwords. Do not use with untrusted
input. CVEs are not issued for `url.parse()` vulnerabilities. Use the
[WHATWG URL][] API instead.
[WHATWG URL][] API instead, for example:
```js
function getURL(req) {
const proto = req.headers['x-forwarded-proto'] || 'https';
const host = req.headers['x-forwarded-host'] || req.headers.host || 'example.com';
return new URL(req.url || '/', `${proto}://${host}`);
}
```
### `url.resolve(from, to)`