-rw-r--r--src/bun.js/bindings/ZigGlobalObject.cpp12
-rw-r--r--test/js/bun/util/fileUrl.test.js13
2 files changed, 24 insertions, 1 deletions
diff --git a/src/bun.js/bindings/ZigGlobalObject.cpp b/src/bun.js/bindings/ZigGlobalObject.cpp
index b969acf4c..2dbccc1f1 100644
--- a/src/bun.js/bindings/ZigGlobalObject.cpp
+++ b/src/bun.js/bindings/ZigGlobalObject.cpp
@@ -1124,6 +1124,10 @@ JSC_DEFINE_HOST_FUNCTION(functionFileURLToPath, (JSC::JSGlobalObject * globalObj
if (!domURL) {
if (arg0.isString()) {
auto url = WTF::URL(arg0.toWTFString(globalObject));
+ if (!url.protocolIs("file"_s)) {
+ throwTypeError(globalObject, scope, "Argument must be a file URL"_s);
+ return JSC::JSValue::encode(JSC::JSValue {});
+ }
RETURN_IF_EXCEPTION(scope, JSC::JSValue::encode(JSC::jsUndefined()));
RELEASE_AND_RETURN(scope, JSValue::encode(jsString(vm, url.fileSystemPath())));
}
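Review bot: In the string branch the new `url.protocolIs("file"_s)` check sits above the existing `RETURN_IF_EXCEPTION`, so if `arg0.toWTFString(globalObject)` throws (for example on out-of-memory while resolving the string), the code can reach `throwTypeError` with an exception already pending. Moving `RETURN_IF_EXCEPTION(scope, JSC::JSValue::encode(JSC::jsUndefined()));` to directly after the `WTF::URL` construction, before the scheme check, keeps the original exception and avoids the second throw. The function starts outside this hunk, so this assumes `scope` is the throw scope declared earlier in `functionFileURLToPath`.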
@@ -1131,7 +1135,13 @@ JSC_DEFINE_HOST_FUNCTION(functionFileURLToPath, (JSC::JSGlobalObject * globalObj
return JSC::JSValue::encode(JSC::JSValue {});
}
- return JSC::JSValue::encode(JSC::jsString(vm, domURL->href().fileSystemPath()));
+ auto& url = domURL->href();
+ if (!url.protocolIs("file"_s)) {
+ throwTypeError(globalObject, scope, "Argument must be a file URL"_s);
+ return JSC::JSValue::encode(JSC::JSValue {});
+ }
+
+ return JSC::JSValue::encode(JSC::jsString(vm, url.fileSystemPath()));
}
JSC_DEFINE_CUSTOM_GETTER(noop_getter, (JSGlobalObject*, EncodedJSValue, PropertyName))
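Review bot: The scheme test `url.protocolIs("file"_s)` is the only validation before `url.fileSystemPath()`, here and in the string branch of the first hunk. A `file:` URL that carries a host (`file://host/path`) or percent-encoded path separators would pass it. Whether `fileSystemPath()` rejects or normalises those inputs is not visible in this diff, so it is worth confirming and pinning with tests, since callers tend to treat the returned string as a trusted local path. A short comment above the check, such as `// Only file: URLs map to a filesystem path; host and encoded separators are handled by fileSystemPath() (verify)`, would record the assumption. The function's opening is outside this hunk.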
diff --git a/test/js/bun/util/fileUrl.test.js b/test/js/bun/util/fileUrl.test.js
index ebae570f8..f1bbe7461 100644
--- a/test/js/bun/util/fileUrl.test.js
+++ b/test/js/bun/util/fileUrl.test.js
@@ -13,4 +13,17 @@ describe("fileURLToPath", () => {
it("should convert a URL to a path", () => {
expect(fileURLToPath(new URL("file:///path/to/file.js"))).toBe("/path/to/file.js");
});
+
+ it("should fail on non-file: URLs", () => {
+ expect(() => fileURLToPath(new URL("http:///path/to/file.js"))).toThrow();
+ });
+
+ describe("should fail on non URLs", () => {
+ const fuzz = [1, true, Symbol("foo"), {}, [], () => {}, null, undefined, NaN, Infinity, -Infinity, new Boolean()];
+ fuzz.forEach(value => {
+ it(`${String(value)}`, () => {
+ expect(() => fileURLToPath(value)).toThrow();
+ });
+ });
+ });
});
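Review bot: The "should fail on non-file: URLs" case only passes a `URL` object, so the string branch guarded by the same C++ change is never exercised. Adding `expect(() => fileURLToPath("http://example.com/file.js")).toThrow(TypeError);` (constructed sample URL) would cover it. A bare `toThrow()` passes on any error, so asserting `TypeError` in the non-file case would pin the scheme check itself rather than an unrelated failure.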