Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 316016f

Browse filesBrowse files
anonrigMoLow
anonrig
authored and
MoLow
committed
esm: avoid accessing lazy getters for urls
PR-URL: #47542 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Jacob Smith <jacob@frende.me> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
1 parent 61ea153 commit 316016f
Copy full SHA for 316016f

File tree

Expand file treeCollapse file tree

1 file changed

+25
-15
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

1 file changed

+25
-15
lines changed
Open diff view settings
Collapse file

‎lib/internal/modules/esm/resolve.js‎

Copy file name to clipboardExpand all lines: lib/internal/modules/esm/resolve.js
+25-15Lines changed: 25 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -994,16 +994,20 @@ function resolveAsCommonJS(specifier, parentURL) {
994994
// TODO(@JakobJingleheimer): de-dupe `specifier` & `parsed`
995995
function checkIfDisallowedImport(specifier, parsed, parsedParentURL) {
996996
if (parsedParentURL) {
997+
// Avoid accessing the `protocol` property due to the lazy getters.
998+
const parentProtocol = parsedParentURL.protocol;
997999
if (
998-
parsedParentURL.protocol === 'http:' ||
999-
parsedParentURL.protocol === 'https:'
1000+
parentProtocol === 'http:' ||
1001+
parentProtocol === 'https:'
10001002
) {
10011003
if (shouldBeTreatedAsRelativeOrAbsolutePath(specifier)) {
1004+
// Avoid accessing the `protocol` property due to the lazy getters.
1005+
const parsedProtocol = parsed?.protocol;
10021006
// data: and blob: disallowed due to allowing file: access via
10031007
// indirection
1004-
if (parsed &&
1005-
parsed.protocol !== 'https:' &&
1006-
parsed.protocol !== 'http:'
1008+
if (parsedProtocol &&
1009+
parsedProtocol !== 'https:' &&
1010+
parsedProtocol !== 'http:'
10071011
) {
10081012
throw new ERR_NETWORK_IMPORT_DISALLOWED(
10091013
specifier,
@@ -1033,22 +1037,26 @@ function checkIfDisallowedImport(specifier, parsed, parsedParentURL) {
10331037
}
10341038

10351039
function throwIfUnsupportedURLProtocol(url) {
1036-
if (url.protocol !== 'file:' && url.protocol !== 'data:' &&
1037-
url.protocol !== 'node:') {
1040+
// Avoid accessing the `protocol` property due to the lazy getters.
1041+
const protocol = url.protocol;
1042+
if (protocol !== 'file:' && protocol !== 'data:' &&
1043+
protocol !== 'node:') {
10381044
throw new ERR_UNSUPPORTED_ESM_URL_SCHEME(url);
10391045
}
10401046
}
10411047

10421048
function throwIfUnsupportedURLScheme(parsed, experimentalNetworkImports) {
1049+
// Avoid accessing the `protocol` property due to the lazy getters.
1050+
const protocol = parsed?.protocol;
10431051
if (
1044-
parsed &&
1045-
parsed.protocol !== 'file:' &&
1046-
parsed.protocol !== 'data:' &&
1052+
protocol &&
1053+
protocol !== 'file:' &&
1054+
protocol !== 'data:' &&
10471055
(
10481056
!experimentalNetworkImports ||
10491057
(
1050-
parsed.protocol !== 'https:' &&
1051-
parsed.protocol !== 'http:'
1058+
protocol !== 'https:' &&
1059+
protocol !== 'http:'
10521060
)
10531061
)
10541062
) {
@@ -1104,11 +1112,13 @@ async function defaultResolve(specifier, context = {}) {
11041112
parsed = new URL(specifier);
11051113
}
11061114

1107-
if (parsed.protocol === 'data:' ||
1115+
// Avoid accessing the `protocol` property due to the lazy getters.
1116+
const protocol = parsed.protocol;
1117+
if (protocol === 'data:' ||
11081118
(experimentalNetworkImports &&
11091119
(
1110-
parsed.protocol === 'https:' ||
1111-
parsed.protocol === 'http:'
1120+
protocol === 'https:' ||
1121+
protocol === 'http:'
11121122
)
11131123
)
11141124
) {

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.