From 0e9a1640aef674f6b6bdc177e8ea405724aa4fb4 Mon Sep 17 00:00:00 2001
From: yiminghe <yiminghe@gmail.com>
Date: Fri, 15 Oct 2021 18:54:35 +0800
Subject: [PATCH] use url-regex

---
 .babelrc.js      | 11 ++---------
 package.json     |  5 ++++-
 src/rule/type.ts |  8 +++-----
 tests/url.js     | 19 +++++++++++++++++++
 4 files changed, 28 insertions(+), 15 deletions(-)
 create mode 100644 tests/url.js

diff --git a/.babelrc.js b/.babelrc.js
index 5e055af..ad7062c 100644
--- a/.babelrc.js
+++ b/.babelrc.js
@@ -1,17 +1,10 @@
 console.log('Load babel config');
 
 module.exports = api => {
+  api.cache(false);
   return {
     presets: [
-      [
-        '@babel/preset-env',
-        api.env('test')
-          ? { targets: { node: true } }
-          : {
-              loose: true,
-              modules: false,
-            },
-      ],
+      ['@babel/preset-env', { targets: { node: true } }],
       '@babel/preset-typescript',
     ],
   };
diff --git a/package.json b/package.json
index 92785d2..549f9a5 100644
--- a/package.json
+++ b/package.json
@@ -89,5 +89,8 @@
   },
   "pre-commit": [
     "lint-staged"
-  ]
+  ],
+  "dependencies": {
+    "url-regex": "^5.0.0"
+  }
 }
diff --git a/src/rule/type.ts b/src/rule/type.ts
index 9807734..7024fa9 100644
--- a/src/rule/type.ts
+++ b/src/rule/type.ts
@@ -1,16 +1,14 @@
 import { ExecuteRule, Value } from '../interface';
 import { format } from '../util';
 import required from './required';
+import urlRegex from 'url-regex';
 
 /* eslint max-len:0 */
 
 const pattern = {
   // http://emailregex.com/
   email: /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+\.)+[a-zA-Z\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]{2,}))$/,
-  url: new RegExp(
-    '^(?!mailto:)(?:(?:http|https|ftp)://|//)(?:\\S+(?::\\S*)?@)?(?:(?:(?:[1-9]\\d?|1\\d\\d|2[01]\\d|22[0-3])(?:\\.(?:1?\\d{1,2}|2[0-4]\\d|25[0-5])){2}(?:\\.(?:[0-9]\\d?|1\\d\\d|2[0-4]\\d|25[0-4]))|(?:(?:[a-z\\u00a1-\\uffff0-9]+-*)*[a-z\\u00a1-\\uffff0-9]+)(?:\\.(?:[a-z\\u00a1-\\uffff0-9]+-*)*[a-z\\u00a1-\\uffff0-9]+)*(?:\\.(?:[a-z\\u00a1-\\uffff]{2,})))|localhost)(?::\\d{2,5})?(?:(/|\\?|#)[^\\s]*)?$',
-    'i',
-  ),
+  url: urlRegex({ exact: true }),
   hex: /^#?([a-f0-9]{6}|[a-f0-9]{3})$/i,
 };
 
@@ -58,7 +56,7 @@ const types = {
     return typeof value === 'string' && !!value.match(pattern.email);
   },
   url(value: Value) {
-    return typeof value === 'string' && !!value.match(pattern.url);
+    return typeof value === 'string' && value.length <= 2048 && !!value.match(pattern.url);
   },
   hex(value: Value) {
     return typeof value === 'string' && !!value.match(pattern.hex);
diff --git a/tests/url.js b/tests/url.js
new file mode 100644
index 0000000..82ae646
--- /dev/null
+++ b/tests/url.js
@@ -0,0 +1,19 @@
+import AsyncValidator from '../src/';
+
+const validator = new AsyncValidator({
+  v: {
+    type: 'url',
+  },
+});
+
+for (var i = 1; i <= 50000; i++) {
+  var time = Date.now();
+  var attack_str = '//' + ':'.repeat(i * 10000) + '@';
+  validator.validate({
+    v: attack_str,
+  });
+  var time_cost = Date.now() - time;
+  console.log(
+    'attack_str.length: ' + attack_str.length + ': ' + time_cost + ' ms',
+  );
+}