tldts-experimental
Version:
Library to work against complex domain names, subdomains and URIs.
951 lines (940 loc) • 160 kB
JavaScript
'use strict';
/**
* Check if `vhost` is a valid suffix of `hostname` (top-domain)
*
* It means that `vhost` needs to be a suffix of `hostname` and we then need to
* make sure that: either they are equal, or the character preceding `vhost` in
* `hostname` is a '.' (it should not be a partial label).
*
* * hostname = 'not.evil.com' and vhost = 'vil.com' => not ok
* * hostname = 'not.evil.com' and vhost = 'evil.com' => ok
* * hostname = 'not.evil.com' and vhost = 'not.evil.com' => ok
*/
function shareSameDomainSuffix(hostname, vhost) {
if (hostname.endsWith(vhost)) {
return (hostname.length === vhost.length ||
hostname[hostname.length - vhost.length - 1] === '.');
}
return false;
}
/**
* Given a hostname and its public suffix, extract the general domain.
*/
function extractDomainWithSuffix(hostname, publicSuffix) {
// Locate the index of the last '.' in the part of the `hostname` preceding
// the public suffix.
//
// examples:
// 1. not.evil.co.uk => evil.co.uk
// ^ ^
// | | start of public suffix
// | index of the last dot
//
// 2. example.co.uk => example.co.uk
// ^ ^
// | | start of public suffix
// |
// | (-1) no dot found before the public suffix
const publicSuffixIndex = hostname.length - publicSuffix.length - 2;
const lastDotBeforeSuffixIndex = hostname.lastIndexOf('.', publicSuffixIndex);
// No '.' found, then `hostname` is the general domain (no sub-domain)
if (lastDotBeforeSuffixIndex === -1) {
return hostname;
}
// Extract the part between the last '.'
return hostname.slice(lastDotBeforeSuffixIndex + 1);
}
/**
* Detects the domain based on rules and upon and a host string
*/
function getDomain$1(suffix, hostname, options) {
// Check if `hostname` ends with a member of `validHosts`.
if (options.validHosts !== null) {
const validHosts = options.validHosts;
for (const vhost of validHosts) {
if ( /*@__INLINE__*/shareSameDomainSuffix(hostname, vhost)) {
return vhost;
}
}
}
let numberOfLeadingDots = 0;
if (hostname.startsWith('.')) {
while (numberOfLeadingDots < hostname.length &&
hostname[numberOfLeadingDots] === '.') {
numberOfLeadingDots += 1;
}
}
// If `hostname` is a valid public suffix, then there is no domain to return.
// Since we already know that `getPublicSuffix` returns a suffix of `hostname`
// there is no need to perform a string comparison and we only compare the
// size.
if (suffix.length === hostname.length - numberOfLeadingDots) {
return null;
}
// To extract the general domain, we start by identifying the public suffix
// (if any), then consider the domain to be the public suffix with one added
// level of depth. (e.g.: if hostname is `not.evil.co.uk` and public suffix:
// `co.uk`, then we take one more level: `evil`, giving the final result:
// `evil.co.uk`).
return /*@__INLINE__*/ extractDomainWithSuffix(hostname, suffix);
}
/**
* Return the part of domain without suffix.
*
* Example: for domain 'foo.com', the result would be 'foo'.
*/
function getDomainWithoutSuffix$1(domain, suffix) {
// Note: here `domain` and `suffix` cannot have the same length because in
// this case we set `domain` to `null` instead. It is thus safe to assume
// that `suffix` is shorter than `domain`.
return domain.slice(0, -suffix.length - 1);
}
/**
* Matches an ASCII tab (U+0009) or newline (U+000A / U+000D). The WHATWG URL
* parser strips these before parsing; we only allocate a cleaned copy (and
* re-parse) on the rare input that actually contains one.
*/
const CONTROL_CHARS = /[\t\n\r]/g;
// Set by `extractHostname` (a module-scope flag, read synchronously by
// `parseImpl` right after the call — same pattern as the reused RESULT object).
// `true` ONLY when extraction validated the returned host inline (a confirmed-
// valid, "simple" authority) so `parseImpl` can skip the separate
// `isValidHostname` pass. `false` in every other case (validation disabled, a
// complex authority — userinfo/port/brackets/trailing-dot/control — an invalid
// host, or a non-main return path); `parseImpl` then validates as usual. The
// fast path can only ever SKIP a redundant scan for hosts already known valid,
// never accept an invalid one.
let extractedHostnameValidated = false;
/**
* True if char `code` is a valid hostname character. This is the per-char half
* of `is-valid.ts`'s `isValidAscii` (a-z, 0-9, > U+007F) PLUS three additions:
* A-Z (the host is lowercased before validation, so uppercase ≡ a valid
* lowercase letter) and '-' / '_' (valid inside a label). KEEP IN SYNC with
* `is-valid.ts`: these rules are deliberately duplicated to validate during
* extraction, so any change to the accepted character set there must be
* mirrored here (and vice-versa).
*/
function isValidHostnameChar(code) {
return ((code >= 97 && code <= 122) || // a-z
(code >= 48 && code <= 57) || // 0-9
code > 127 || // non-ASCII (accepted, not punycode-checked)
(code >= 65 && code <= 90) || // A-Z (becomes valid once lowercased)
code === 45 || // '-'
code === 95 // '_'
);
}
/**
* Classify scheme `url.slice(schemeStart, colonIndex)` as a WHATWG special
* scheme without allocating a substring (case-insensitive via `| 32`).
* Special schemes: ftp, file, http, https, ws, wss
* (https://url.spec.whatwg.org/#special-scheme).
*
* @returns 0 = not special, 1 = special, 2 = file (its host sits only between
* "//" and the next slash).
*/
function getSpecialScheme(url, schemeStart, colonIndex) {
const length = colonIndex - schemeStart;
const c0 = url.charCodeAt(schemeStart) | 32;
if (length === 2) {
return c0 === 119 && (url.charCodeAt(schemeStart + 1) | 32) === 115 ? 1 : 0; // ws
}
else if (length === 3) {
const c1 = url.charCodeAt(schemeStart + 1) | 32;
const c2 = url.charCodeAt(schemeStart + 2) | 32;
if (c0 === 119 && c1 === 115 && c2 === 115)
return 1; // wss
if (c0 === 102 && c1 === 116 && c2 === 112)
return 1; // ftp
return 0;
}
else if (length === 4) {
const c1 = url.charCodeAt(schemeStart + 1) | 32;
const c2 = url.charCodeAt(schemeStart + 2) | 32;
const c3 = url.charCodeAt(schemeStart + 3) | 32;
if (c0 === 104 && c1 === 116 && c2 === 116 && c3 === 112)
return 1; // http
if (c0 === 102 && c1 === 105 && c2 === 108 && c3 === 101)
return 2; // file
return 0;
}
else if (length === 5) {
return c0 === 104 &&
(url.charCodeAt(schemeStart + 1) | 32) === 116 &&
(url.charCodeAt(schemeStart + 2) | 32) === 116 &&
(url.charCodeAt(schemeStart + 3) | 32) === 112 &&
(url.charCodeAt(schemeStart + 4) | 32) === 115
? 1
: 0; // https
}
return 0;
}
/**
* Extract a hostname from `url`, matching a WHATWG URL parser's host-boundary
* behaviour (https://url.spec.whatwg.org/#concept-basic-url-parser) for tldts'
* scope. It deliberately does NOT normalise the host (no IDNA/punycode or IPv4
* canonicalisation; IPv6 brackets are stripped, not compressed), strips trailing
* dots, and stays lenient where a strict parser rejects (bare host:port,
* out-of-range port, user@host) — all documented deviations.
*
* @param urlIsValidHostname - when true, `url` is already a valid hostname and is
* returned by the same reference (factory.ts skips re-validation on that
* identity), keeping the common path allocation-free.
* @param validate - when true, validate the host inline during the authority
* scan and publish the verdict via `extractedHostnameValidated` so `parseImpl`
* can skip the redundant `isValidHostname` pass for simple authorities.
*/
function extractHostname(url, urlIsValidHostname, validate = false) {
let start = 0;
let end = url.length;
let hasUpper = false;
let isSpecial = false;
extractedHostnameValidated = false;
if (!urlIsValidHostname) {
// Data URLs never carry a host (and may be huge — short-circuit them).
if (url.startsWith('data:')) {
return null;
}
// WHATWG step 1: trim leading/trailing C0 control or space (<= U+0020).
// Tab/newline elsewhere are handled lazily below.
while (start < url.length && url.charCodeAt(start) <= 32) {
start += 1;
}
while (end > start + 1 && url.charCodeAt(end - 1) <= 32) {
end -= 1;
}
if (url.charCodeAt(start) === 47 /* '/' */ &&
url.charCodeAt(start + 1) === 47 /* '/' */) {
// Scheme-relative reference ("//host/path").
start += 2;
}
else {
const indexOfProtocol = url.indexOf(':/', start);
if (indexOfProtocol !== -1) {
// "scheme://…". Classify the scheme, then position `start` at the host.
const special = getSpecialScheme(url, start, indexOfProtocol);
if (special === 1) {
// Special scheme: skip the run of '/' and '\' after it
// (special-authority-(ignore-)slashes states; '\' acts as '/').
isSpecial = true;
start = indexOfProtocol + 2;
while (url.charCodeAt(start) === 47 /* '/' */ ||
url.charCodeAt(start) === 92 /* '\' */) {
start += 1;
}
}
else if (special === 2) {
// file: the host is only what sits between "//" and the next slash, so
// "file://h/x" => "h" but "file:///x" / "file:/x" => no host.
isSpecial = true;
start = indexOfProtocol + 1;
let slashes = 0;
while ((url.charCodeAt(start) === 47 || url.charCodeAt(start) === 92) &&
slashes < 2) {
start += 1;
slashes += 1;
}
if (slashes < 2) {
return null;
}
}
else {
// Unknown scheme: validate the WHATWG scheme grammar [A-Za-z0-9+.-];
// a control char means it was split by a tab/newline (strip + re-parse).
for (let i = start; i < indexOfProtocol; i += 1) {
const code = url.charCodeAt(i) | 32;
if (!(((code >= 97 && code <= 122) || // [a, z]
(code >= 48 && code <= 57) || // [0, 9]
code === 46 || // '.'
code === 45 || // '-'
code === 43) // '+'
)) {
const raw = url.charCodeAt(i);
if (raw === 9 || raw === 10 || raw === 13) {
return extractHostname(url.replace(CONTROL_CHARS, ''), urlIsValidHostname, validate);
}
return null;
}
}
// A non-special scheme has an authority only after "//" (else it is an
// opaque path with no host). `indexOf(':/')` already gave the first '/'.
if (url.charCodeAt(indexOfProtocol + 2) === 47 /* '/' */) {
start = indexOfProtocol + 3;
}
else {
return null;
}
}
}
else if (url.charCodeAt(start) !== 91 /* '[' */) {
// Cold path: no scheme "://", and not a bare IPv6 literal (whose first
// ':' would otherwise look like a scheme separator; "[…]" falls through
// to the ipv6 handling below). May be a bare host, a host:port, a
// user@host, a slash-less special scheme ("https:host"), or an opaque
// URI ("mailto:", "tel:", "urn:…").
let indexOfColon = -1;
for (let i = start; i < end; i += 1) {
const code = url.charCodeAt(i);
if (code === 9 || code === 10 || code === 13) {
return extractHostname(url.replace(CONTROL_CHARS, ''), urlIsValidHostname, validate);
}
if (code === 58 /* ':' */) {
indexOfColon = i;
break;
}
if (code === 47 || code === 92 || code === 63 || code === 35) {
break;
}
}
if (indexOfColon !== -1) {
// An '@' before the next delimiter => the ':' is userinfo, not a
// scheme ("user:pass@host", "mailto:a@b"): keep the whole authority.
let hasIdentifier = false;
for (let i = indexOfColon + 1; i < end; i += 1) {
const code = url.charCodeAt(i);
if (code === 47 || code === 92 || code === 63 || code === 35) {
break;
}
if (code === 64 /* '@' */) {
hasIdentifier = true;
break;
}
}
if (!hasIdentifier) {
// All-digits after ':' => a bare "host:port" (tldts accepts
// hostnames too); keep `start` and let the port handling trim it.
let allDigits = true;
let i = indexOfColon + 1;
for (; i < end; i += 1) {
const code = url.charCodeAt(i);
if (code === 47 || code === 92 || code === 63 || code === 35) {
break;
}
if (code < 48 /* '0' */ || code > 57 /* '9' */) {
allDigits = false;
break;
}
}
if (i === indexOfColon + 1) {
allDigits = false; // nothing after ':' => not a port
}
if (!allDigits) {
const special = getSpecialScheme(url, start, indexOfColon);
if (special === 0) {
// No "://" anywhere on the cold path and not a special scheme.
// A second ':' before the host's end marks a bare, unbracketed
// IPv6 literal ("2a01:e35::1"): fall through and let the host
// loop + isIp classify it. Without one this is an opaque path
// with no host ("mailto:x", "foo:bar").
let isBareIpv6 = false;
for (let j = indexOfColon + 1; j < end; j += 1) {
const code = url.charCodeAt(j);
if (code === 47 ||
code === 92 ||
code === 63 ||
code === 35) {
break;
}
if (code === 58 /* ':' */) {
isBareIpv6 = true;
break;
}
}
if (!isBareIpv6) {
return null;
}
}
else {
isSpecial = true;
start = indexOfColon + 1;
if (special === 2) {
// file (e.g. "file:\\host"): host only between "//" and next slash.
let slashes = 0;
while ((url.charCodeAt(start) === 47 ||
url.charCodeAt(start) === 92) &&
slashes < 2) {
start += 1;
slashes += 1;
}
if (slashes < 2) {
return null;
}
}
else {
while (url.charCodeAt(start) === 47 ||
url.charCodeAt(start) === 92) {
start += 1;
}
}
}
}
}
}
}
}
// Find the host's end: first '/', '?' or '#' (and '\' for special URLs,
// which WHATWG treats like '/'). Track the last '@', ']' and ':' for
// userinfo, ipv6 and port, plus the first ':' of the host (reset at each
// '@') to tell a bare IPv6 (>= 2 colons) from a host:port (exactly one);
// flag uppercase and a stray tab/newline. The loop is split on `code < 64`
// so common host characters take fewer comparisons.
//
// When `validate`, also accumulate `is-valid.ts`'s checks over the scanned
// run so a simple authority's host can be validated in this single pass.
// `vValid` only stays meaningful for a "simple" authority (no userinfo, port,
// brackets, control or trailing dot); those cases clear it / are rejected by
// the guard below, falling back to `isValidHostname`.
let indexOfIdentifier = -1;
let indexOfClosingBracket = -1;
let indexOfPort = -1;
let indexOfFirstColon = -1;
let hasControl = false;
let vValid = validate; // seeded true when validating; cleared on the first invalid char
let vLastDot = start - 1; // mirrors is-valid.ts `lastDotIndex = -1` at host start
let vLastCode = -1;
if (validate && start < end) {
// First-char rule: must be a valid host char, '.', or '_' (NOT '-').
const c0 = url.charCodeAt(start);
if (!(
/*@__INLINE__*/ (isValidHostnameChar(c0) ||
c0 === 46 /* '.' */ ||
c0 === 95 /* '_' */)) ||
c0 === 45 /* '-' (isValidHostnameChar allows it mid-label, not first) */) {
vValid = false;
}
}
for (let i = start; i < end; i += 1) {
const code = url.charCodeAt(i);
if (code < 64) {
if (code === 47 || code === 35 || code === 63) {
end = i;
break;
}
else if (code === 58 /* ':' */) {
if (indexOfFirstColon === -1) {
indexOfFirstColon = i;
}
indexOfPort = i;
}
else if (code === 9 || code === 10 || code === 13) {
hasControl = true;
}
else if (validate) {
if (code === 46 /* '.' */) {
if (i - vLastDot > 64 || vLastCode === 46 || vLastCode === 45) {
vValid = false;
}
vLastDot = i;
}
else if (code < 48 || code > 57) {
// < 64 and not a delimiter/dot/digit => only '-' (45) is a valid
// host char here; everything else (space, %, !, etc.) is invalid.
// A '-' must also not START a label (the byte right after a '.') —
// mirrors is-valid.ts; the first label is covered by the first-char
// rule above. (RFC 1034 §3.5 / RFC 1035 §2.3.1 LDH.)
if (code !== 45 || vLastCode === 46 /* label-leading '-' */) {
vValid = false;
}
}
}
}
else if (isSpecial && code === 92 /* '\' */) {
end = i;
break;
}
else if (code === 64 /* '@' */) {
indexOfIdentifier = i;
indexOfFirstColon = -1; // colons before '@' are userinfo, not the host
}
else if (code === 93 /* ']' */) {
indexOfClosingBracket = i;
}
else if (code >= 65 && code <= 90) {
hasUpper = true;
}
else if (validate && !( /*@__INLINE__*/isValidHostnameChar(code))) {
// >= 64, not '@'/']'/upper: valid only if a-z, '_', or non-ASCII.
vValid = false;
}
if (validate) {
vLastCode = code;
}
}
// A tab/newline inside the authority: strip everything and re-parse (rare).
if (hasControl) {
return extractHostname(url.replace(CONTROL_CHARS, ''), urlIsValidHostname, validate);
}
// Skip userinfo. '>= start' so an empty userinfo ("http://@host") works too.
if (indexOfIdentifier !== -1 &&
indexOfIdentifier >= start &&
indexOfIdentifier < end) {
start = indexOfIdentifier + 1;
}
if (url.charCodeAt(start) === 91 /* '[' */) {
// ipv6 address: return what is between the brackets, or null if unclosed.
if (indexOfClosingBracket !== -1) {
return url.slice(start + 1, indexOfClosingBracket).toLowerCase();
}
return null;
}
else if (indexOfPort !== -1 &&
indexOfPort > start &&
indexOfPort < end &&
// A host:port has exactly one ':' in the host (so its first ':' is its
// last); a bare, unbracketed IPv6 literal ("2a01:e35::1") has >= 2, so
// its first ':' precedes the last. Only the former has a ':port' to trim.
indexOfFirstColon === indexOfPort) {
end = indexOfPort; // trim ':port'
}
// Empty authority ("http://", "file:///path", "//"); only reachable here via
// extraction — a bare valid hostname never lands here.
if (start >= end) {
return null;
}
// Publish the inline-validation verdict — but only for a "simple" authority,
// where the scanned run equals the final host: no userinfo skip, no port
// trim, no brackets, no trailing dot (trimmed below), and length within RFC
// limits. Anything else leaves it `false` so `parseImpl` re-validates.
//
// Every clause below is load-bearing for CORRECTNESS, not just speed: the
// loop accumulates `vValid` over the whole scanned run (it does not stop at
// ':' or '@', so any port/userinfo bytes are included), so the verdict is
// only sound when that run equals the final host. Do not drop a clause as
// "redundant" — e.g. without `indexOfPort === -1`, `host:8080` would be
// wrongly accepted.
if (validate &&
vValid &&
indexOfIdentifier === -1 &&
indexOfPort === -1 &&
indexOfClosingBracket === -1 &&
url.charCodeAt(end - 1) !== 46 /* no trailing dot */ &&
end - start <= 255 && // total length
end - vLastDot - 1 <= 63 && // last label length
vLastCode !== 45 /* last char not '-' */) {
extractedHostnameValidated = true;
}
}
// Trim trailing dots
while (end > start + 1 && url.charCodeAt(end - 1) === 46 /* '.' */) {
end -= 1;
}
const hostname = start !== 0 || end !== url.length ? url.slice(start, end) : url;
if (hasUpper) {
return hostname.toLowerCase();
}
return hostname;
}
/**
* Check if a hostname is an IP. You should be aware that this only works
* because `hostname` is already garanteed to be a valid hostname!
*/
function isProbablyIpv4(hostname) {
// Cannot be shorted than 1.1.1.1
if (hostname.length < 7) {
return false;
}
// Cannot be longer than: 255.255.255.255
if (hostname.length > 15) {
return false;
}
let numberOfDots = 0;
for (let i = 0; i < hostname.length; i += 1) {
const code = hostname.charCodeAt(i);
if (code === 46 /* '.' */) {
numberOfDots += 1;
}
else if (code < 48 /* '0' */ || code > 57 /* '9' */) {
return false;
}
}
return (numberOfDots === 3 &&
hostname.charCodeAt(0) !== 46 /* '.' */ &&
hostname.charCodeAt(hostname.length - 1) !== 46 /* '.' */);
}
/**
* Similar to isProbablyIpv4.
*/
function isProbablyIpv6(hostname) {
if (hostname.length < 3) {
return false;
}
let start = hostname.startsWith('[') ? 1 : 0;
let end = hostname.length;
if (hostname[end - 1] === ']') {
end -= 1;
}
// We only consider the maximum size of a normal IPV6. Note that this will
// fail on so-called "IPv4 mapped IPv6 addresses" but this is a corner-case
// and a proper validation library should be used for these.
if (end - start > 39) {
return false;
}
let hasColon = false;
for (; start < end; start += 1) {
const code = hostname.charCodeAt(start);
if (code === 58 /* ':' */) {
hasColon = true;
}
else if (!(((code >= 48 && code <= 57) || // 0-9
(code >= 97 && code <= 102) || // a-f
(code >= 65 && code <= 70)) // A-F (RFC 4291 §2.2: an IPv6 hextet is hex digits only)
)) {
return false;
}
}
return hasColon;
}
/**
* Check if `hostname` is *probably* a valid ip addr (either ipv6 or ipv4).
* This *will not* work on any string. We need `hostname` to be a valid
* hostname.
*/
function isIp(hostname) {
return isProbablyIpv6(hostname) || isProbablyIpv4(hostname);
}
/**
* Special-use domain names from the IANA "Special-Use Domain Names" registry:
* the authoritative list, created by RFC 6761 and maintained as new RFCs add to
* it: https://www.iana.org/assignments/special-use-domain-names/
* Snapshot: 2026-05-24. (RFC 6761 is not obsoleted; draft-hoffman-rfc6761bis
* proposes to retire its prose but keep this registry, so the registry is the
* source of truth; re-sync this list against it.)
*
* These names never correspond to a public registration, yet neither
* `isIcann` nor `isPrivate` marks one as special-use: most are absent from the
* Public Suffix List (so `a.test` looks like a registrable domain), and the
* few that are listed (`onion`, `home.arpa`) appear there as ordinary ICANN
* suffixes. `isSpecialUse` is the single signal that covers them all.
*
* Per the registry and RFC 6761 ("and any names falling within these domains"),
* the designation covers each listed name AND all of its sub-domains. DNS labels
* are case-insensitive (RFC 4343); `hostname` is expected to be already
* lower-cased and trailing-dot-stripped, as produced by `extractHostname`, the
* same normalization the Public-Suffix-List lookup relies on.
*
* Two groups of registry entries are intentionally excluded: the numeric
* reverse-DNS delegation zones (`10.in-addr.arpa`, the `*.ip6.arpa` ranges, …),
* which are reverse-DNS PTR zones rather than hostnames and whose parents
* (`in-addr.arpa`/`ip6.arpa`) are already in the Public Suffix List; and the
* deprecated `eap-noob.arpa` entry.
*/
const SPECIAL_USE_DOMAINS = [
'test', // RFC 6761
'localhost', // RFC 6761
'invalid', // RFC 6761
'example', // RFC 6761
'example.com', // RFC 6761
'example.net', // RFC 6761
'example.org', // RFC 6761
'local', // RFC 6762 (mDNS)
'onion', // RFC 7686 (Tor)
'alt', // RFC 9476
'home.arpa', // RFC 8375
'ipv4only.arpa', // RFC 8880
'resolver.arpa', // RFC 9462
'service.arpa', // RFC 9665
'6tisch.arpa', // RFC 9031
'eap.arpa', // RFC 9965
];
/**
* Return `true` if `hostname` is, or is a sub-domain of, a special-use domain
* (see the registry note above). Expects an already-normalized `hostname`.
*/
function isSpecialUse(hostname) {
for (const name of SPECIAL_USE_DOMAINS) {
// Match on a label boundary: `hostname` is either exactly `name` or ends
// with `.name` (so `latest` is not matched by `test`, nor `myexample.com`
// by `example.com`).
if (hostname.endsWith(name) &&
(hostname.length === name.length ||
hostname.charCodeAt(hostname.length - name.length - 1) === 46) /* '.' */) {
return true;
}
}
return false;
}
/**
* Implements fast shallow verification of hostnames. This does not perform a
* struct check on the content of labels (classes of Unicode characters, etc.)
* but instead check that the structure is valid (number of labels, length of
* labels, etc.).
*
* If you need stricter validation, consider using an external library.
*/
// KEEP IN SYNC with `extract-hostname.ts` `isValidHostnameChar` + its inline
// scan/verdict, which duplicate these structural rules to validate during
// extraction (a perf fusion). That copy additionally accepts A-Z (the host is
// not yet lowercased there) and folds in '-' / '_'. Any change to the accepted
// character set or the label/length rules here must be mirrored there.
function isValidAscii(code) {
return ((code >= 97 && code <= 122) || (code >= 48 && code <= 57) || code > 127);
}
/**
* Check if a hostname string is valid. It's usually a preliminary check before
* trying to use getDomain or anything else.
*
* Beware: it does not check if the TLD exists.
*/
function isValidHostname (hostname) {
if (hostname.length > 255) {
return false;
}
if (hostname.length === 0) {
return false;
}
if (
/*@__INLINE__*/ !isValidAscii(hostname.charCodeAt(0)) &&
hostname.charCodeAt(0) !== 46 && // '.' (dot)
hostname.charCodeAt(0) !== 95 // '_' (underscore)
) {
return false;
}
// Validate hostname according to RFC
let lastDotIndex = -1;
let lastCharCode = -1;
const len = hostname.length;
for (let i = 0; i < len; i += 1) {
const code = hostname.charCodeAt(i);
if (code === 46 /* '.' */) {
if (
// Check that previous label is < 63 bytes long (64 = 63 + '.')
i - lastDotIndex > 64 ||
// Check that previous character was not already a '.'
lastCharCode === 46 ||
// Check that the previous label does not end with '-' (RFC 1035 §2.3.1 LDH).
// '_' is intentionally NOT restricted: DNS allows any octet (RFC 2181 §11) and
// WHATWG URL does not treat '_' as a forbidden host code point.
lastCharCode === 45) {
return false;
}
lastDotIndex = i;
}
else if (
// A forbidden character in the label...
!( /*@__INLINE__*/(isValidAscii(code) || code === 45 || code === 95)) ||
// ...or a '-' starting a label (the byte right after a '.'). A label must
// not begin with a hyphen (RFC 1034 §3.5 / RFC 1035 §2.3.1 LDH, as amended
// by RFC 1123 §2.1; cf. UTS #46 CheckHyphens). The first label is covered by
// the leading-character guard above; mirrors the trailing-'-' rule below.
(code === 45 && lastCharCode === 46)) {
return false;
}
lastCharCode = code;
}
return (
// Check that last label is shorter than 63 chars
len - lastDotIndex - 1 <= 63 &&
// Check that the last character is an allowed trailing label character.
// Since we already checked that the char is a valid hostname character,
// we only need to check that it's different from '-'.
lastCharCode !== 45);
}
function setDefaultsImpl({ allowIcannDomains = true, allowPrivateDomains = false, detectIp = true, detectSpecialUse = false, extractHostname = true, mixedInputs = true, validHosts = null, validateHostname = true, }) {
return {
allowIcannDomains,
allowPrivateDomains,
detectIp,
detectSpecialUse,
extractHostname,
mixedInputs,
validHosts,
validateHostname,
};
}
const DEFAULT_OPTIONS = /*@__INLINE__*/ setDefaultsImpl({});
function setDefaults(options) {
if (options === undefined) {
return DEFAULT_OPTIONS;
}
return /*@__INLINE__*/ setDefaultsImpl(options);
}
/**
* Returns the subdomain of a hostname string
*/
function getSubdomain$1(hostname, domain) {
// If `hostname` and `domain` are the same, then there is no sub-domain
if (domain.length === hostname.length) {
return '';
}
return hostname.slice(0, -domain.length - 1);
}
/**
* Implement a factory allowing to plug different implementations of suffix
* lookup (e.g.: using a trie or the packed hashes datastructures). This is used
* and exposed in `tldts.ts` and `tldts-experimental.ts` bundle entrypoints.
*/
function getEmptyResult() {
return {
domain: null,
domainWithoutSuffix: null,
hostname: null,
isIcann: null,
isIp: null,
isPrivate: null,
isSpecialUse: null,
publicSuffix: null,
subdomain: null,
};
}
function resetResult(result) {
result.domain = null;
result.domainWithoutSuffix = null;
result.hostname = null;
result.isIcann = null;
result.isIp = null;
result.isPrivate = null;
result.isSpecialUse = null;
result.publicSuffix = null;
result.subdomain = null;
}
function parseImpl(url, step, suffixLookup, partialOptions, result) {
const options = /*@__INLINE__*/ setDefaults(partialOptions);
// Very fast approximate check to make sure `url` is a string. This is needed
// because the library will not necessarily be used in a typed setup and
// values of arbitrary types might be given as argument.
if (typeof url !== 'string') {
return result;
}
// Extract hostname from `url` only if needed. This can be made optional
// using `options.extractHostname`. This option will typically be used
// whenever we are sure the inputs to `parse` are already hostnames and not
// arbitrary URLs.
//
// `mixedInput` allows to specify if we expect a mix of URLs and hostnames
// as input. If only hostnames are expected then `extractHostname` can be
// set to `false` to speed-up parsing. If only URLs are expected then
// `mixedInputs` can be set to `false`. The `mixedInputs` is only a hint
// and will not change the behavior of the library.
// Whether `url` itself was already a valid hostname (only computed on the
// mixedInputs path). Lets us skip the post-extraction validation below when
// extractHostname returned `url` unchanged (same reference).
let urlIsValid = false;
if (!options.extractHostname) {
result.hostname = url;
}
else if (options.mixedInputs) {
urlIsValid = isValidHostname(url);
result.hostname = extractHostname(url, urlIsValid, options.validateHostname);
}
else {
result.hostname = extractHostname(url, false, options.validateHostname);
}
// Check if `hostname` is a valid ip address
if (options.detectIp && result.hostname !== null) {
result.isIp = isIp(result.hostname);
if (result.isIp) {
return result;
}
}
// Perform hostname validation if enabled. If hostname is not valid, no need to
// go further as there will be no valid domain or sub-domain. This validation
// is applied before any early returns to ensure consistent behavior across
// all API methods including getHostname().
if (options.validateHostname &&
options.extractHostname &&
result.hostname !== null &&
// Skip the re-scan when `url` was already validated and extractHostname
// returned it unchanged (same reference => identical string, still valid).
!(urlIsValid && result.hostname === url) &&
// Skip the re-scan when extractHostname already validated the host inline
// (a confirmed-valid simple authority — see extract-hostname.ts).
!extractedHostnameValidated &&
!isValidHostname(result.hostname)) {
result.hostname = null;
return result;
}
if (step === 0 /* FLAG.HOSTNAME */ || result.hostname === null) {
return result;
}
// Flag special-use domains, only when opted in (`detectSpecialUse`) and only
// for the full `parse()` result (FLAG.ALL). Computed here, before the
// public-suffix/domain early-returns below, so single-label names like
// `localhost` (which have no registrable domain) are still flagged.
if (step === 5 /* FLAG.ALL */ && options.detectSpecialUse) {
result.isSpecialUse = isSpecialUse(result.hostname);
}
// Extract public suffix
suffixLookup(result.hostname, options, result);
if (step === 2 /* FLAG.PUBLIC_SUFFIX */ || result.publicSuffix === null) {
return result;
}
// Extract domain
result.domain = getDomain$1(result.publicSuffix, result.hostname, options);
if (step === 3 /* FLAG.DOMAIN */ || result.domain === null) {
return result;
}
// Extract subdomain
result.subdomain = getSubdomain$1(result.hostname, result.domain);
if (step === 4 /* FLAG.SUB_DOMAIN */) {
return result;
}
// Extract domain without suffix
result.domainWithoutSuffix = getDomainWithoutSuffix$1(result.domain, result.publicSuffix);
return result;
}
function fastPathLookup (hostname, options, out) {
// Fast path for very popular suffixes; this allows to by-pass lookup
// completely as well as any extra allocation or string manipulation.
if (!options.allowPrivateDomains && hostname.length > 3) {
const last = hostname.length - 1;
const c3 = hostname.charCodeAt(last);
const c2 = hostname.charCodeAt(last - 1);
const c1 = hostname.charCodeAt(last - 2);
const c0 = hostname.charCodeAt(last - 3);
if (c3 === 109 /* 'm' */ &&
c2 === 111 /* 'o' */ &&
c1 === 99 /* 'c' */ &&
c0 === 46 /* '.' */) {
out.isIcann = true;
out.isPrivate = false;
out.publicSuffix = 'com';
return true;
}
else if (c3 === 103 /* 'g' */ &&
c2 === 114 /* 'r' */ &&
c1 === 111 /* 'o' */ &&
c0 === 46 /* '.' */) {
out.isIcann = true;
out.isPrivate = false;
out.publicSuffix = 'org';
return true;
}
else if (c3 === 117 /* 'u' */ &&
c2 === 100 /* 'd' */ &&
c1 === 101 /* 'e' */ &&
c0 === 46 /* '.' */) {
out.isIcann = true;
out.isPrivate = false;
out.publicSuffix = 'edu';
return true;
}
else if (c3 === 118 /* 'v' */ &&
c2 === 111 /* 'o' */ &&
c1 === 103 /* 'g' */ &&
c0 === 46 /* '.' */) {
out.isIcann = true;
out.isPrivate = false;
out.publicSuffix = 'gov';
return true;
}
else if (c3 === 116 /* 't' */ &&
c2 === 101 /* 'e' */ &&
c1 === 110 /* 'n' */ &&
c0 === 46 /* '.' */) {
out.isIcann = true;
out.isPrivate = false;
out.publicSuffix = 'net';
return true;
}
else if (c3 === 101 /* 'e' */ &&
c2 === 100 /* 'd' */ &&
c1 === 46 /* '.' */) {
out.isIcann = true;
out.isPrivate = false;
out.publicSuffix = 'de';
return true;
}
}
return false;
}
// Code automatically generated using ./bin/builders/hashes.ts
var packed = new Uint32Array([6, 0, 0, 7, 5860978, 5861026, 5861029, 5861352, 5861357, 5861403, 5861586, 0, 0, 0, 1, 1850179732, 0, 9, 328184559, 1866923597, 2123501943, 2282562397, 2795346450, 3130446446, 3136607046, 3453334789, 4194175729, 87, 3156266, 19510334, 20989895, 64887183, 65021741, 101876503, 177080427, 179500755, 182385953, 311298055, 425802535, 460682395, 492095970, 582839475, 819014943, 819028732, 922117623, 1075688039, 1126402299, 1139486022, 1156921983, 1179004234, 1241916785, 1329165410, 1335010188, 1370787547, 1370800824, 1431231509, 1498275876, 1508988617, 1516508161, 1522025464, 1544104458, 1554032448, 1554653742, 1570707647, 1573939511, 1626814538, 1675555530, 1675593396, 1679919230, 1692185483, 1730108052, 1781528047, 1781528437, 1784183980, 1789539963, 1827963150, 1873769763, 1881070667, 1890696062, 1893848785, 1927992574, 1937808954, 2001752368, 2005097031, 2182413090, 2391299855, 2419619562, 2445171142, 2453492351, 2496327381, 2525245455, 2573179642, 2703420555, 2709520566, 2800127296, 2921343336, 2989808530, 3000405309, 3015527775, 3043937580, 3047607849, 3048022317, 3160720065, 3382460164, 3461355676, 3498015045, 3688442504, 3738715095, 3925657990, 3934774481, 4033285539, 4076983130, 4085096371, 4146774829, 4208486561, 3768, 100835, 372942, 373596, 399643, 403867, 589540, 737224, 1210028, 1861414, 2424682, 2658901, 2946999, 3329363, 3333156, 6942202, 9086062, 9095117, 9267209, 9340158, 9485932, 11010102, 11406846, 16314893, 17546564, 18146303, 18331450, 19211200, 20314441, 20797457, 25057869, 26663359, 28320278, 30499151, 30585840, 36605120, 36775470, 36775473, 36990037, 39275208, 41892561, 42049478, 42538024, 45214788, 47656662, 50173535, 53599326, 53858455, 54537430, 63815836, 69971116, 73517283, 73904368, 75706244, 78793775, 78794171, 79558910, 80324123, 84993902, 87977581, 87978853, 87978860, 93811268, 95641381, 95641777, 96671837, 100511481, 100947456, 108215410, 108929491, 110526112, 110662188, 112311307, 114507832, 116811054, 120488259, 122521550, 133427701, 134012911, 141513861, 141517490, 144349377, 144362028, 144550088, 144770230, 147205859, 147810002, 147989623, 149598895, 150736276, 150856054, 152379730, 156555774, 163952417, 163952613, 163952704, 163952815, 163953167, 163953232, 164189124, 164189258, 164189262, 164189326, 164189691, 164189842, 164560958, 165069166, 165106627, 165107021, 165339368, 165444557, 165444558, 165444615, 165444629, 165444745, 165444749, 165445368, 165512129, 165512527, 165749053, 165749188, 165749299, 165749435, 165749535, 165778992, 165779060, 167155067, 169909265, 169909275, 169909419, 169909512, 169909517, 169909531, 169909608, 169909724, 169909733, 169909734, 169909738, 169909857, 169910036, 169910195, 169910226, 169939304, 169977029, 169977163, 170281136, 170281250, 170281253, 170281258, 170281275, 170281382, 170281390, 170281415, 170281447, 170281457, 170281473, 170281497, 170281511, 170281522, 170281525, 170281528, 170281579, 170281589, 170281687, 170281689, 170281699, 170281742, 170281776, 170281812, 170281852, 170281902, 170281972, 170311352, 170649202, 170649385, 170649596, 171188220, 172078401, 172145927, 172213761, 172213835, 172214443, 172484301, 172788260, 172788319, 172788689, 172788693, 172788754, 172788809, 172788827, 173118530, 173118924, 173253960, 173254504, 173456648, 173591948, 173930212, 173930286, 174129293, 174306499, 174306893, 174307245, 174307439, 174358551, 174374100, 174407806, 174410098, 174488250, 174509317, 174577099, 174606766, 174644617, 174843632, 174844030, 174847160, 175181758, 175524135, 175524873, 176843304, 176948764, 178529610, 178530165, 178530256, 178530299, 178530303, 178530355, 178868363, 178868576, 178868974, 179274397, 179274476, 179379459, 179379616, 179379849, 179379853, 179380220, 179657877, 179692651, 179714168, 179913714, 180090112, 180090244, 180090304, 180090314, 180090337, 180090372, 180090450, 180090510, 180090525, 180090526, 180090587, 180090702, 180091049, 180091118, 180091210, 180091228, 180091258, 180091259, 180283722, 180292996, 180293014, 180293036, 180293067, 180293093, 180293105, 180293124, 180293152, 180293156, 180293169, 180293179, 180293199, 180293253, 180293290, 180293294, 180293300, 180293302, 180293304, 180293317, 180293344, 180293346, 180293381, 180293447, 180293487, 180293501, 180293503, 180293522, 180293535, 180293716, 180293796, 180293819, 180293997, 180294000, 180294004, 180294009, 180428032, 180902137, 180969265, 180969566, 180969653, 180969723, 181105061, 181105190, 181105676, 181240259, 181240353, 181240367, 181240371, 181240391, 181240392, 181240393, 181240398, 181240404, 181240451, 181240474, 181240479, 181240483, 181240490, 181240509, 181240515, 181240844, 181240853, 181240956, 181241149, 181241165, 181241168, 181244839, 181278273, 181375748, 181548621, 181548644, 181548727, 181548873, 181549108, 181549176, 181949900, 181950639, 182056031, 182385920, 182419943, 182893167, 182893283, 182893394, 182893788, 183163149, 183163151, 183163155, 183163168, 183163169, 183163171, 183163181, 183163182, 183163183, 183163186, 183163188, 183163233, 183163248, 183163251, 183163252, 183163254, 183163270, 183163303, 183163314, 183163317, 183163334, 183163335, 183163336, 183163340, 183163345, 183163347, 183163350, 183163362, 183163363, 183163365, 183163366, 183163367, 183163371, 183163375, 183163376, 183163378, 183163380, 183163383, 183163630, 183163631, 183163644, 183163649, 183163651, 183163653, 183163655, 183163664, 183163668, 183163669, 183163678, 183163679, 183163682, 183163687, 183163713, 183163715, 183163728, 183163731, 183163735, 183163742, 183163777, 183163779, 183163780, 183163781, 183163783, 183163796, 183163797, 183163801, 183163843, 183163845, 183163847, 183163859, 183163864, 183163865, 183163874, 183163895, 183163897, 183163913, 183163922, 183163933, 183163960, 183163961, 183163963, 183163977, 183163978, 183163979, 183163981, 183163988, 183163989, 183163991, 183163992, 183163994, 183163995, 183163998, 183164008, 183164010, 183164012, 183164021, 183164025, 183164026, 183164027, 183164029, 183164041, 183164044, 183164045, 183164047, 183164050, 183164051, 183164057, 183164060, 183164061, 183164093, 184080938, 184081253, 184081673, 184081677, 184081778, 184246330, 184246511, 184486318, 184486865, 184487263, 184828195, 184828212, 184844696, 184844824, 184848486, 184848491, 184849029, 184849387, 184859173, 184859210, 184869208, 184869819, 184994607, 185163947, 185216284, 185289081, 185292632, 185295605, 185501943, 185502073, 185502077, 185772974, 186723357, 186723671, 186723801, 186753074, 186763265, 186771866, 186840059, 186858006, 186875993, 186950941, 186953244, 186994101, 186994720, 187011432, 187022814, 187064894, 187067400, 187076090, 187078647, 187088813, 187161171, 187188812, 187203075, 187219343, 187222314, 187251332, 187328908, 187332203, 187378741, 187385256, 187386889, 187403121, 187403860, 187404132, 187409119, 187410536, 187415116, 187415841, 187417183, 187453423, 187455618, 187483569, 187506658, 187521457, 187531575, 187554851, 187557872, 187932036, 187932044, 187932595, 187932730, 187932752, 187932756, 187932794, 187932985, 187932989, 189797875, 189851312, 190236828, 190304994, 190305388, 190575460, 190575594, 190879986, 190880380, 191458643, 191459037, 193856736, 193857103, 193857114, 193857243, 193991787, 194363750, 194498585, 194498630, 194498988, 194499056, 194499063, 194499187, 194532263, 194532626, 194532630, 194532693, 194532760, 194532936, 194533115, 194802308, 194802313, 194802316, 194802351, 194802671, 194802818, 194802832, 194802974, 194803141, 194803143, 194803161, 194803162, 194803220, 194803226, 194803230, 194803290, 194836546, 194870589, 194870610, 194871004, 195040013, 195040230, 195040360, 195077902, 195078025, 195078028, 195078034, 195078035, 195078038, 195078058, 195078062, 195078071, 195078081, 195078095, 195078112, 195078119, 195078120, 195078149, 195078150, 195078156, 195078185, 195078215, 195078217, 195078250, 195078251, 195078272, 195078273, 195078277, 195078283, 195078287, 195078298, 195078299, 195078300, 195078368, 195078372, 195078375, 195078394, 195078464, 195078474, 195078493, 195078531, 195078554, 195078559, 195078687, 195078710, 195078753, 195078828, 195078837, 195078892, 195078895, 195078900, 195078906, 195078959, 195078960, 195078974, 195078995, 195078997, 195079007, 195145607, 195146051, 195817892, 195817910, 195818040, 196653590, 197775763, 198219289, 198248729, 198354195, 198354632, 200387773, 202063369, 203326381, 203326382, 203326695, 203326709, 203326825, 203326829, 203327047, 203327192, 203360584, 203427712, 203428110, 203563443, 203563837, 203664976, 203665374, 203762913, 203901612, 203969343, 204069808, 204070876, 206121592, 207568995, 208227118, 218659706, 219797064, 231775478, 232791016, 232866163, 232870916, 237059472, 238230825, 238671321, 241611072, 245880244, 249954601, 256262487, 257210252, 257542887, 259829097, 260353797, 260353928, 260353938, 260354380, 260381156,