From b5d2972a8ee2ebda37815db5426d16cc35fd47ad Mon Sep 17 00:00:00 2001
From: Pooya Parsa
Date: Mon, 15 May 2023 12:41:18 +0200
Subject: [PATCH] fix(getRequestURL): normalize double slashes thanks @OhB00 for reporting
---
 src/utils/request.ts | 10 +++++++++-
 test/utils.test.ts | 7 +++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/utils/request.ts b/src/utils/request.ts
index 84ab1b51..c6712ad0 100644
--- a/src/utils/request.ts
+++ b/src/utils/request.ts
@@ -100,8 +100,16 @@ export function getRequestProtocol(event: H3Event) {
 return (event.node.req.connection as any).encrypted ? "https" : "http";
 }
+const DOUBLE_SLASH_RE = /[/\\]{2,}/g;
+
+export function getRequestPath(event: H3Event) {
+ const path = (event.path || "/").replace(DOUBLE_SLASH_RE, "/");
+ return path;
+}
+
 export function getRequestURL(event: H3Event) {
 const host = getRequestHost(event);
 const protocol = getRequestProtocol(event);
- return new URL(event.path || "/", `${protocol}://${host}`);
+ const path = getRequestPath(event);
+ return new URL(path, `${protocol}://${host}`);
 }
diff --git a/test/utils.test.ts b/test/utils.test.ts
index a946c23a..d824aad7 100644
--- a/test/utils.test.ts
+++ b/test/utils.test.ts
@@ -97,6 +97,13 @@ describe("", () => {
 describe("getRequestURL", () => {
 const tests = [
 { path: "/foo", url: "http://127.0.0.1/foo" },
+ { path: "//foo", url: "http://127.0.0.1/foo" },
+ { path: "//foo.com//bar", url: "http://127.0.0.1/foo.com/bar" },
+ { path: "///foo", url: "http://127.0.0.1/foo" },
+ { path: "\\foo", url: "http://127.0.0.1/foo" },
+ { path: "\\\\foo", url: "http://127.0.0.1/foo" },
+ { path: "\\/foo", url: "http://127.0.0.1/foo" },
+ { path: "/\\foo", url: "http://127.0.0.1/foo" },
 { path: "/test", host: "example.com", url: "http://example.com/test" },
 { path: "/test",
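Review bot: `DOUBLE_SLASH_RE` is global and `getRequestPath` applies it to the whole of `event.path`, so if that value can carry a query string (not visible in this hunk) a parameter such as `?next=https://example.com` would come back as `https:/example.com`. Only the slash run at the start of the path decides which host `new URL` resolves to, so the normalization can stop at the query: `const raw = event.path || "/"; const q = raw.indexOf("?");` followed by `return q < 0 ? raw.replace(DOUBLE_SLASH_RE, "/") : raw.slice(0, q).replace(DOUBLE_SLASH_RE, "/") + raw.slice(q);`. A test row with `//` inside the query would pin that behaviour. The new export `getRequestPath` also deserves a one-line doc comment stating that it collapses repeated `/` and `\` so a request path cannot be parsed as a protocol-relative URL pointing at another host.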