From 86d10523a6f6e8dc4300d99d671335ee362ad316 Mon Sep 17 00:00:00 2001
From: Rodney Rehm
Date: Thu, 3 Mar 2022 10:51:40 +0100
Subject: [PATCH] fix(parse): remove leading whitespace reported by @p0cas via huntr.dev
---
 src/URI.js | 4 ++++
 test/urls.js | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)
diff --git a/src/URI.js b/src/URI.js
index b634e8b..53b115d 100644
--- a/src/URI.js
+++ b/src/URI.js
@@ -239,6 +239,7 @@
 // balanced parens inclusion (), [], {}, <>
 parens: /(\([^\)]*\)|\[[^\]]*\]|\{[^}]*\}|<[^>]*>)/g,
 };
+ URI.leading_whitespace_expression = /^[\x00-\x20\u00a0\u1680\u2000-\u200a\u2028\u2029\u202f\u205f\u3000\ufeff]+/
 // http://www.iana.org/assignments/uri-schemes.html
 // http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports
 URI.defaultPorts = {
@@ -494,6 +495,9 @@ preventInvalidHostname: URI.preventInvalidHostname }; } + + string = string.replace(URI.leading_whitespace_expression, '') + // [protocol"://"[username[":"password]"@"]hostname[":"port]"/"?][path]["?"querystring]["#"fragment] // extract fragment
diff --git a/test/urls.js b/test/urls.js
index 839f0da..4b077ce 100644
--- a/test/urls.js
+++ b/test/urls.js
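Review bot: The new `URI.leading_whitespace_expression` in the first src/URI.js hunk carries no comment saying which characters the class covers or why they are stripped, and the assignment lacks the terminating semicolon that the neighbouring `};` line uses; the `string = string.replace(...)` line added in the second hunk ends without one as well. `\x00-\x20` is the C0-control-and-space range, and the remaining members appear to be the non-ASCII characters that JavaScript's `\s` matches. I would put `// C0 controls, space and Unicode whitespace; removed before parsing so input like '\t\bhttp://…' still yields the http protocol` above the definition and end both added statements with `;`.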
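Review bot: The added `string.replace(URI.leading_whitespace_expression, '')` in the second src/URI.js hunk trims only the start of the input, so trailing control characters and any tab or newline inside the string still reach the parser. The WHATWG URL parsing rules that browsers follow also strip trailing C0 controls and spaces and remove ASCII tab, LF and CR anywhere in the input, so the protocol and host this library reports can still differ from what a browser resolves; that matters wherever callers use the parsed parts for a scheme or host allow-list. Consider following the new line with `string = string.replace(/[\t\n\r]+/g, '');` plus a trailing trim, with matching fixtures in test/urls.js. The enclosing function continues outside the hunk, so whether later code already handles this is not visible here.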
@@ -2571,6 +2571,55 @@ var urls = [{
 idn: false,
 punycode: false
 }
+ }, {
+ name: 'leading white space',
+ url: '\t\bhttp://www.example.org/?hello=world',
+ _url: 'http://www.example.org/?hello=world',
+ parts: {
+ protocol: 'http',
+ username: null,
+ password: null,
+ hostname: 'www.example.org',
+ port: null,
+ path: '/',
+ query: 'hello=world',
+ fragment: null
+ },
+ accessors: {
+ protocol: 'http',
+ username: '',
+ password: '',
+ port: '',
+ path: '/',
+ query: 'hello=world',
+ fragment: '',
+ resource: '/?hello=world',
+ authority: 'www.example.org',
+ origin: 'http://www.example.org',
+ userinfo: '',
+ subdomain: 'www',
+ domain: 'example.org',
+ tld: 'org',
+ directory: '/',
+ filename: '',
+ suffix: '',
+ hash: '',
+ search: '?hello=world',
+ host: 'www.example.org',
+ hostname: 'www.example.org'
+ },
+ is: {
+ urn: false,
+ url: true,
+ relative: false,
+ name: true,
+ sld: false,
+ ip: false,
+ ip4: false,
+ ip6: false,
+ idn: false,
+ punycode: false
+ }
 }
 ];
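Review bot: The new 'leading white space' fixture exercises only `\t` and `\b`, so most of the character class added in src/URI.js is untested: plain space, CR/LF and every non-ASCII member such as `\u00a0` or `\ufeff`. A second entry with a constructed value like `url: '\u00a0\ufeff http://www.example.org/?hello=world'` and the same `_url` and expectations would pin those members. A further case with whitespace in the middle or at the end of the input would record what the parser is expected to do there, which this commit leaves undefined. The `urls` array begins outside this hunk, so how `_url` is consumed by the test runner is not visible here.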