fix: Remove auto-trimming of input

BREAKING CHANGE: parseDomain won't .trim() the given input. The input is interpreted as it is. If you want to trim the input, you need to call .trim() before passing it to parseDomain. Auto-trimming the input changes the domain and might not be desired if any character (such as whitespace) is allowed (e.g. when using lax validation).
peerigon · Jan 23, 2022 · 4ea86a1 · 4ea86a1
1 parent a5fa416
commit 4ea86a1
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 9 deletions.
diff --git a/src/parse-domain.test.ts b/src/parse-domain.test.ts
@@ -583,6 +583,20 @@ describe(parseDomain.name, () => {
     });
   });
 
+  // The hostname should be interpreted as it is.
+  // Auto-trimming the input changes the domain and might not be
+  // desired if any character (such as whitespace) is allowed
+  // (e.g. when using lax validation).
+  // Trimming can always happen on the caller side.
+  test("does not trim the hostname", () => {
+    expect(parseDomain(" com", { validation: Validation.Lax })).toMatchObject({
+      type: ParseResultType.NotListed,
+    });
+    expect(parseDomain("com ", { validation: Validation.Lax })).toMatchObject({
+      type: ParseResultType.NotListed,
+    });
+  });
+
   test("returns the input hostname in the result", () => {
     expect(parseDomain("www.EXAMPLE.com")).toMatchObject({
       hostname: "www.EXAMPLE.com",

diff --git a/src/sanitize.ts b/src/sanitize.ts
@@ -147,19 +147,17 @@ export const sanitize = (
     };
   }
 
-  const inputTrimmed = input.trim();
-
-  if (inputTrimmed === "") {
+  if (input === "") {
     return {
       type: SanitizationResultType.ValidDomain,
-      domain: inputTrimmed,
+      domain: input,
       labels: [],
     };
   }
 
   // IPv6 addresses are surrounded by square brackets in URLs
   // See https://tools.ietf.org/html/rfc3986#section-3.2.2
-  const inputTrimmedAsIp = inputTrimmed.replace(/^\[|]$/g, "");
+  const inputTrimmedAsIp = input.replace(/^\[|]$/g, "");
   const ipVersionOfInput = ipVersion(inputTrimmedAsIp);
 
   if (ipVersionOfInput !== undefined) {
@@ -170,15 +168,15 @@ export const sanitize = (
     };
   }
 
-  const lastChar = inputTrimmed.charAt(inputTrimmed.length - 1);
+  const lastChar = input.charAt(input.length - 1);
   const canonicalInput =
-    lastChar === LABEL_SEPARATOR ? inputTrimmed.slice(0, -1) : inputTrimmed;
+    lastChar === LABEL_SEPARATOR ? input.slice(0, -1) : input;
   const octets = new TextEncoder().encode(canonicalInput);
 
   if (octets.length > DOMAIN_LENGTH_MAX) {
     return {
       type: SanitizationResultType.Error,
-      errors: [createDomainMaxLengthError(inputTrimmed, octets.length)],
+      errors: [createDomainMaxLengthError(input, octets.length)],
     };
   }
 
@@ -196,7 +194,7 @@ export const sanitize = (
 
   return {
     type: SanitizationResultType.ValidDomain,
-    domain: inputTrimmed,
+    domain: input,
     labels,
   };
 };