Don't whitelist localhost, closes #675

validatorjs · Jul 7, 2017 · cc96615 · cc96615
1 parent 4f10904
commit cc96615
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+#### HEAD
+
+- `isURL()` now requires the `require_tld: false` option to validate `localhost`
+  ([#675](https://github.com/chriso/validator.js/issues/675))
+
 #### 7.2.0
 
 - Added an option to validate any phone locale

diff --git a/lib/isURL.js b/lib/isURL.js
@@ -125,7 +125,7 @@ function isURL(url, options) {
     }
   }
 
-  if (!(0, _isIP2.default)(host) && !(0, _isFQDN2.default)(host, options) && (!ipv6 || !(0, _isIP2.default)(ipv6, 6)) && host !== 'localhost') {
+  if (!(0, _isIP2.default)(host) && !(0, _isFQDN2.default)(host, options) && (!ipv6 || !(0, _isIP2.default)(ipv6, 6))) {
     return false;
   }
 

diff --git a/src/lib/isURL.js b/src/lib/isURL.js
@@ -99,8 +99,7 @@ export default function isURL(url, options) {
     }
   }
 
-  if (!isIP(host) && !isFQDN(host, options) && (!ipv6 || !isIP(ipv6, 6)) &&
-          host !== 'localhost') {
+  if (!isIP(host) && !isFQDN(host, options) && (!ipv6 || !isIP(ipv6, 6))) {
     return false;
   }
 

diff --git a/test/validators.js b/test/validators.js
@@ -234,7 +234,6 @@ describe('Validators', function () {
         'http://189.123.14.13/',
         'http://duckduckgo.com/?q=%2F',
         'http://foobar.com/t$-_.+!*\'(),',
-        'http://localhost:3000/',
         'http://foobar.com/?foo=bar#baz=qux',
         'http://foobar.com?foo=bar',
         'http://foobar.com#baz=qux',
@@ -255,6 +254,7 @@ describe('Validators', function () {
         'http://[2010:836B:4179::836B:4179]',
       ],
       invalid: [
+        'http://localhost:3000/',
         'xyz://foobar.com',
         'invalid/',
         'invalid.x',
@@ -316,6 +316,7 @@ describe('Validators', function () {
       args: [{
         protocols: ['file'],
         require_host: false,
+        require_tld: false,
       }],
       valid: [
         'file://localhost/foo.txt',
@@ -369,6 +370,7 @@ describe('Validators', function () {
       valid: [
         'http://foobar.com/',
         'http://foobar/',
+        'http://localhost/',
         'foobar/',
         'foobar',
       ],
@@ -437,9 +439,9 @@ describe('Validators', function () {
       }],
       valid: [
         'http://foobar.com/',
-        'http://localhost/',
       ],
       invalid: [
+        'http://localhost/',
         'foobar.com',
         'foobar',
       ],

diff --git a/validator.js b/validator.js
@@ -402,7 +402,7 @@ function isURL(url, options) {
     }
   }
 
-  if (!isIP(host) && !isFDQN(host, options) && (!ipv6 || !isIP(ipv6, 6)) && host !== 'localhost') {
+  if (!isIP(host) && !isFDQN(host, options) && (!ipv6 || !isIP(ipv6, 6))) {
     return false;
   }
 

diff --git a/validator.min.js b/validator.min.js
-Original file line number
+Diff line change
@@ Expand Up / @@ -125,7 +125,7 @@ function isURL(url, options) { @@
         }
       }
-      if (!(0, _isIP2.default)(host) && !(0, _isFQDN2.default)(host, options) && (!ipv6 || !(0, _isIP2.default)(ipv6, 6)) && host !== 'localhost') {
+      if (!(0, _isIP2.default)(host) && !(0, _isFQDN2.default)(host, options) && (!ipv6 || !(0, _isIP2.default)(ipv6, 6))) {
         return false;
       }
@@ Expand Down @@