| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304 |
- # Copyright Joyent, Inc. and other Node contributors.
- #
- # Permission is hereby granted, free of charge, to any person obtaining a
- # copy of this software and associated documentation files (the
- # "Software"), to deal in the Software without restriction, including
- # without limitation the rights to use, copy, modify, merge, publish,
- # distribute, sublicense, and/or sell copies of the Software, and to permit
- # persons to whom the Software is furnished to do so, subject to the
- # following conditions:
- #
- # The above copyright notice and this permission notice shall be included
- # in all copies or substantial portions of the Software.
- #
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
- # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- # NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
- # DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
- # OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
- # USE OR OTHER DEALINGS IN THE SOFTWARE.
- # Changes from joyent/node:
- #
- # 1. No leading slash in paths,
- # e.g. in `url.parse('http://foo?bar')` pathname is ``, not `/`
- #
- # 2. Backslashes are not replaced with slashes,
- # so `http:\\example.org\` is treated like a relative path
- #
- # 3. Trailing colon is treated like a part of the path,
- # i.e. in `http://example.org:foo` pathname is `:foo`
- #
- # 4. Nothing is URL-encoded in the resulting object,
- # (in joyent/node some chars in auth and paths are encoded)
- #
- # 5. `url.parse()` does not have `parseQueryString` argument
- #
- # 6. Removed extraneous result properties: `host`, `path`, `query`, etc.,
- # which can be constructed using other parts of the url.
- from __future__ import annotations
- from collections import defaultdict
- import re
- from mdurl._url import URL
- # Reference: RFC 3986, RFC 1808, RFC 2396
- # define these here so at least they only have to be
- # compiled once on the first module load.
- PROTOCOL_PATTERN = re.compile(r"^([a-z0-9.+-]+:)", flags=re.IGNORECASE)
- PORT_PATTERN = re.compile(r":[0-9]*$")
- # Special case for a simple path URL
- SIMPLE_PATH_PATTERN = re.compile(r"^(//?(?!/)[^?\s]*)(\?[^\s]*)?$")
- # RFC 2396: characters reserved for delimiting URLs.
- # We actually just auto-escape these.
- DELIMS = ("<", ">", '"', "`", " ", "\r", "\n", "\t")
- # RFC 2396: characters not allowed for various reasons.
- UNWISE = ("{", "}", "|", "\\", "^", "`") + DELIMS
- # Allowed by RFCs, but cause of XSS attacks. Always escape these.
- AUTO_ESCAPE = ("'",) + UNWISE
- # Characters that are never ever allowed in a hostname.
- # Note that any invalid chars are also handled, but these
- # are the ones that are *expected* to be seen, so we fast-path
- # them.
- NON_HOST_CHARS = ("%", "/", "?", ";", "#") + AUTO_ESCAPE
- HOST_ENDING_CHARS = ("/", "?", "#")
- HOSTNAME_MAX_LEN = 255
- HOSTNAME_PART_PATTERN = re.compile(r"^[+a-z0-9A-Z_-]{0,63}$")
- HOSTNAME_PART_START = re.compile(r"^([+a-z0-9A-Z_-]{0,63})(.*)$")
- # protocols that can allow "unsafe" and "unwise" chars.
- # protocols that never have a hostname.
- HOSTLESS_PROTOCOL = defaultdict(
- bool,
- {
- "javascript": True,
- "javascript:": True,
- },
- )
- # protocols that always contain a // bit.
- SLASHED_PROTOCOL = defaultdict(
- bool,
- {
- "http": True,
- "https": True,
- "ftp": True,
- "gopher": True,
- "file": True,
- "http:": True,
- "https:": True,
- "ftp:": True,
- "gopher:": True,
- "file:": True,
- },
- )
- class MutableURL:
- def __init__(self) -> None:
- self.protocol: str | None = None
- self.slashes: bool = False
- self.auth: str | None = None
- self.port: str | None = None
- self.hostname: str | None = None
- self.hash: str | None = None
- self.search: str | None = None
- self.pathname: str | None = None
- def parse(self, url: str, slashes_denote_host: bool) -> "MutableURL":
- lower_proto = ""
- slashes = False
- rest = url
- # trim before proceeding.
- # This is to support parse stuff like " http://foo.com \n"
- rest = rest.strip()
- if not slashes_denote_host and len(url.split("#")) == 1:
- # Try fast path regexp
- simple_path = SIMPLE_PATH_PATTERN.match(rest)
- if simple_path:
- self.pathname = simple_path.group(1)
- if simple_path.group(2):
- self.search = simple_path.group(2)
- return self
- proto = ""
- proto_match = PROTOCOL_PATTERN.match(rest)
- if proto_match:
- proto = proto_match.group()
- lower_proto = proto.lower()
- self.protocol = proto
- rest = rest[len(proto) :]
- # figure out if it's got a host
- # user@server is *always* interpreted as a hostname, and url
- # resolution will treat //foo/bar as host=foo,path=bar because that's
- # how the browser resolves relative URLs.
- if slashes_denote_host or proto or re.search(r"^//[^@/]+@[^@/]+", rest):
- slashes = rest.startswith("//")
- if slashes and not (proto and HOSTLESS_PROTOCOL[proto]):
- rest = rest[2:]
- self.slashes = True
- if not HOSTLESS_PROTOCOL[proto] and (
- slashes or (proto and not SLASHED_PROTOCOL[proto])
- ):
- # there's a hostname.
- # the first instance of /, ?, ;, or # ends the host.
- #
- # If there is an @ in the hostname, then non-host chars *are* allowed
- # to the left of the last @ sign, unless some host-ending character
- # comes *before* the @-sign.
- # URLs are obnoxious.
- #
- # ex:
- # http://a@b@c/ => user:a@b host:c
- # http://a@b?@c => user:a host:c path:/?@c
- # v0.12 TODO(isaacs): This is not quite how Chrome does things.
- # Review our test case against browsers more comprehensively.
- # find the first instance of any hostEndingChars
- host_end = -1
- for i in range(len(HOST_ENDING_CHARS)):
- hec = rest.find(HOST_ENDING_CHARS[i])
- if hec != -1 and (host_end == -1 or hec < host_end):
- host_end = hec
- # at this point, either we have an explicit point where the
- # auth portion cannot go past, or the last @ char is the decider.
- if host_end == -1:
- # atSign can be anywhere.
- at_sign = rest.rfind("@")
- else:
- # atSign must be in auth portion.
- # http://a@b/c@d => host:b auth:a path:/c@d
- at_sign = rest.rfind("@", 0, host_end + 1)
- # Now we have a portion which is definitely the auth.
- # Pull that off.
- if at_sign != -1:
- auth = rest[:at_sign]
- rest = rest[at_sign + 1 :]
- self.auth = auth
- # the host is the remaining to the left of the first non-host char
- host_end = -1
- for i in range(len(NON_HOST_CHARS)):
- hec = rest.find(NON_HOST_CHARS[i])
- if hec != -1 and (host_end == -1 or hec < host_end):
- host_end = hec
- # if we still have not hit it, then the entire thing is a host.
- if host_end == -1:
- host_end = len(rest)
- if host_end > 0 and rest[host_end - 1] == ":":
- host_end -= 1
- host = rest[:host_end]
- rest = rest[host_end:]
- # pull out port.
- self.parse_host(host)
- # we've indicated that there is a hostname,
- # so even if it's empty, it has to be present.
- self.hostname = self.hostname or ""
- # if hostname begins with [ and ends with ]
- # assume that it's an IPv6 address.
- ipv6_hostname = self.hostname.startswith("[") and self.hostname.endswith(
- "]"
- )
- # validate a little.
- if not ipv6_hostname:
- hostparts = self.hostname.split(".")
- l = len(hostparts) # noqa: E741
- i = 0
- while i < l:
- part = hostparts[i]
- if not part:
- i += 1 # emulate statement3 in JS for loop
- continue
- if not HOSTNAME_PART_PATTERN.search(part):
- newpart = ""
- k = len(part)
- j = 0
- while j < k:
- if ord(part[j]) > 127:
- # we replace non-ASCII char with a temporary placeholder
- # we need this to make sure size of hostname is not
- # broken by replacing non-ASCII by nothing
- newpart += "x"
- else:
- newpart += part[j]
- j += 1 # emulate statement3 in JS for loop
- # we test again with ASCII char only
- if not HOSTNAME_PART_PATTERN.search(newpart):
- valid_parts = hostparts[:i]
- not_host = hostparts[i + 1 :]
- bit = HOSTNAME_PART_START.search(part)
- if bit:
- valid_parts.append(bit.group(1))
- not_host.insert(0, bit.group(2))
- if not_host:
- rest = ".".join(not_host) + rest
- self.hostname = ".".join(valid_parts)
- break
- i += 1 # emulate statement3 in JS for loop
- if len(self.hostname) > HOSTNAME_MAX_LEN:
- self.hostname = ""
- # strip [ and ] from the hostname
- # the host field still retains them, though
- if ipv6_hostname:
- self.hostname = self.hostname[1:-1]
- # chop off from the tail first.
- hash = rest.find("#") # noqa: A001
- if hash != -1:
- # got a fragment string.
- self.hash = rest[hash:]
- rest = rest[:hash]
- qm = rest.find("?")
- if qm != -1:
- self.search = rest[qm:]
- rest = rest[:qm]
- if rest:
- self.pathname = rest
- if SLASHED_PROTOCOL[lower_proto] and self.hostname and not self.pathname:
- self.pathname = ""
- return self
- def parse_host(self, host: str) -> None:
- port_match = PORT_PATTERN.search(host)
- if port_match:
- port = port_match.group()
- if port != ":":
- self.port = port[1:]
- host = host[: -len(port)]
- if host:
- self.hostname = host
- def url_parse(url: URL | str, *, slashes_denote_host: bool = False) -> URL:
- if isinstance(url, URL):
- return url
- u = MutableURL()
- u.parse(url, slashes_denote_host)
- return URL(
- u.protocol, u.slashes, u.auth, u.port, u.hostname, u.hash, u.search, u.pathname
- )
|
