fix(node): Fix malformed URLs crashing the server in certain cases (#6746)

1 files changed, 46 insertions, 0 deletions

diff --git a/packages/integrations/node/test/bad-urls.test.js b/packages/integrations/node/test/bad-urls.test.js
new file mode 100644
index 000000000..24a6e7747
--- /dev/null
+++ b/packages/integrations/node/test/bad-urls.test.js
@@ -0,0 +1,46 @@
+import { expect } from 'chai';
+import nodejs from '../dist/index.js';
+import { loadFixture } from './test-utils.js';
+
+describe('API routes', () => {
+	/** @type {import('./test-utils').Fixture} */
+	let fixture;
+	let devPreview;
+
+	before(async () => {
+		fixture = await loadFixture({
+			root: './fixtures/bad-urls/',
+			output: 'server',
+			adapter: nodejs({ mode: 'standalone' }),
+		});
+		await fixture.build();
+		devPreview = await fixture.preview();
+	});
+
+	after(async () => {
+		await devPreview.stop();
+	});
+
+	it('Does not crash on bad urls', async () => {
+		const weirdURLs = [
+			'/\\xfs.bxss.me%3Fastrojs.com/hello-world',
+			'/asdasdasd@ax_zX=.zxczas🐥%/úadasd000%/',
+			'%',
+			'%80',
+			'%c',
+			'%c0%80',
+			'%20foobar%',
+		];
+
+		for (const weirdUrl of weirdURLs) {
+			const fetchResult = await fixture.fetch(weirdUrl);
+			expect([400, 500]).to.include(
+				fetchResult.status,
+				`${weirdUrl} returned something else than 400 or 500`
+			);
+		}
+		const stillWork = await fixture.fetch('/');
+		const text = await stillWork.text();
+		expect(text).to.equal('<!DOCTYPE html>\nHello!');
+	});
+});