fix(isUrl): add proper validation for emails (#1425)

heanzyzabala · web-flow · commit 0177658d9ad5 · 2020-08-31T10:25:03.000+03:00
diff --git a/src/lib/isURL.js b/src/lib/isURL.js
@@ -100,7 +100,7 @@ export default function isURL(url, options) {
       return false;
     }
     auth = split.shift();
-    if (auth.indexOf(':') >= 0 && auth.split(':').length > 2) {
+    if (auth.indexOf(':') === -1 || (auth.indexOf(':') >= 0 && auth.split(':').length > 2)) {
       return false;
     }
   }
diff --git a/test/validators.js b/test/validators.js
@@ -339,6 +339,7 @@ describe('Validators', () => {
         'http://[::FFFF:129.144.52.38]:80/index.html',
         'http://[2010:836B:4179::836B:4179]',
         'http://example.com/example.json#/foo/bar',
+        'http://user:@www.foobar.com',
       ],
       invalid: [
         'http://localhost:3000/',
@@ -379,6 +380,7 @@ describe('Validators', () => {
         '////foobar.com',
         'http:////foobar.com',
         'https://example.com/foo/<script>alert(\'XSS\')</script>/',
+        'myemail@mail.com',
       ],
     });
   });

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ export default function isURL(url, options) {`
`100`	`100`	`return false;`
`101`	`101`	`}`
`102`	`102`	`auth = split.shift();`
`103`		`- if (auth.indexOf(':') >= 0 && auth.split(':').length > 2) {`
	`103`	`+ if (auth.indexOf(':') === -1 \|\| (auth.indexOf(':') >= 0 && auth.split(':').length > 2)) {`
`104`	`104`	`return false;`
`105`	`105`	`}`
`106`	`106`	`}`