UNPKG

tldts-experimental

Version:

Library to work against complex domain names, subdomains and URIs.

951 lines (940 loc) 160 kB
'use strict'; /** * Check if `vhost` is a valid suffix of `hostname` (top-domain) * * It means that `vhost` needs to be a suffix of `hostname` and we then need to * make sure that: either they are equal, or the character preceding `vhost` in * `hostname` is a '.' (it should not be a partial label). * * * hostname = 'not.evil.com' and vhost = 'vil.com' => not ok * * hostname = 'not.evil.com' and vhost = 'evil.com' => ok * * hostname = 'not.evil.com' and vhost = 'not.evil.com' => ok */ function shareSameDomainSuffix(hostname, vhost) { if (hostname.endsWith(vhost)) { return (hostname.length === vhost.length || hostname[hostname.length - vhost.length - 1] === '.'); } return false; } /** * Given a hostname and its public suffix, extract the general domain. */ function extractDomainWithSuffix(hostname, publicSuffix) { // Locate the index of the last '.' in the part of the `hostname` preceding // the public suffix. // // examples: // 1. not.evil.co.uk => evil.co.uk // ^ ^ // | | start of public suffix // | index of the last dot // // 2. example.co.uk => example.co.uk // ^ ^ // | | start of public suffix // | // | (-1) no dot found before the public suffix const publicSuffixIndex = hostname.length - publicSuffix.length - 2; const lastDotBeforeSuffixIndex = hostname.lastIndexOf('.', publicSuffixIndex); // No '.' found, then `hostname` is the general domain (no sub-domain) if (lastDotBeforeSuffixIndex === -1) { return hostname; } // Extract the part between the last '.' return hostname.slice(lastDotBeforeSuffixIndex + 1); } /** * Detects the domain based on rules and upon and a host string */ function getDomain$1(suffix, hostname, options) { // Check if `hostname` ends with a member of `validHosts`. if (options.validHosts !== null) { const validHosts = options.validHosts; for (const vhost of validHosts) { if ( /*@__INLINE__*/shareSameDomainSuffix(hostname, vhost)) { return vhost; } } } let numberOfLeadingDots = 0; if (hostname.startsWith('.')) { while (numberOfLeadingDots < hostname.length && hostname[numberOfLeadingDots] === '.') { numberOfLeadingDots += 1; } } // If `hostname` is a valid public suffix, then there is no domain to return. // Since we already know that `getPublicSuffix` returns a suffix of `hostname` // there is no need to perform a string comparison and we only compare the // size. if (suffix.length === hostname.length - numberOfLeadingDots) { return null; } // To extract the general domain, we start by identifying the public suffix // (if any), then consider the domain to be the public suffix with one added // level of depth. (e.g.: if hostname is `not.evil.co.uk` and public suffix: // `co.uk`, then we take one more level: `evil`, giving the final result: // `evil.co.uk`). return /*@__INLINE__*/ extractDomainWithSuffix(hostname, suffix); } /** * Return the part of domain without suffix. * * Example: for domain 'foo.com', the result would be 'foo'. */ function getDomainWithoutSuffix$1(domain, suffix) { // Note: here `domain` and `suffix` cannot have the same length because in // this case we set `domain` to `null` instead. It is thus safe to assume // that `suffix` is shorter than `domain`. return domain.slice(0, -suffix.length - 1); } /** * Matches an ASCII tab (U+0009) or newline (U+000A / U+000D). The WHATWG URL * parser strips these before parsing; we only allocate a cleaned copy (and * re-parse) on the rare input that actually contains one. */ const CONTROL_CHARS = /[\t\n\r]/g; // Set by `extractHostname` (a module-scope flag, read synchronously by // `parseImpl` right after the call — same pattern as the reused RESULT object). // `true` ONLY when extraction validated the returned host inline (a confirmed- // valid, "simple" authority) so `parseImpl` can skip the separate // `isValidHostname` pass. `false` in every other case (validation disabled, a // complex authority — userinfo/port/brackets/trailing-dot/control — an invalid // host, or a non-main return path); `parseImpl` then validates as usual. The // fast path can only ever SKIP a redundant scan for hosts already known valid, // never accept an invalid one. let extractedHostnameValidated = false; /** * True if char `code` is a valid hostname character. This is the per-char half * of `is-valid.ts`'s `isValidAscii` (a-z, 0-9, > U+007F) PLUS three additions: * A-Z (the host is lowercased before validation, so uppercase ≡ a valid * lowercase letter) and '-' / '_' (valid inside a label). KEEP IN SYNC with * `is-valid.ts`: these rules are deliberately duplicated to validate during * extraction, so any change to the accepted character set there must be * mirrored here (and vice-versa). */ function isValidHostnameChar(code) { return ((code >= 97 && code <= 122) || // a-z (code >= 48 && code <= 57) || // 0-9 code > 127 || // non-ASCII (accepted, not punycode-checked) (code >= 65 && code <= 90) || // A-Z (becomes valid once lowercased) code === 45 || // '-' code === 95 // '_' ); } /** * Classify scheme `url.slice(schemeStart, colonIndex)` as a WHATWG special * scheme without allocating a substring (case-insensitive via `| 32`). * Special schemes: ftp, file, http, https, ws, wss * (https://url.spec.whatwg.org/#special-scheme). * * @returns 0 = not special, 1 = special, 2 = file (its host sits only between * "//" and the next slash). */ function getSpecialScheme(url, schemeStart, colonIndex) { const length = colonIndex - schemeStart; const c0 = url.charCodeAt(schemeStart) | 32; if (length === 2) { return c0 === 119 && (url.charCodeAt(schemeStart + 1) | 32) === 115 ? 1 : 0; // ws } else if (length === 3) { const c1 = url.charCodeAt(schemeStart + 1) | 32; const c2 = url.charCodeAt(schemeStart + 2) | 32; if (c0 === 119 && c1 === 115 && c2 === 115) return 1; // wss if (c0 === 102 && c1 === 116 && c2 === 112) return 1; // ftp return 0; } else if (length === 4) { const c1 = url.charCodeAt(schemeStart + 1) | 32; const c2 = url.charCodeAt(schemeStart + 2) | 32; const c3 = url.charCodeAt(schemeStart + 3) | 32; if (c0 === 104 && c1 === 116 && c2 === 116 && c3 === 112) return 1; // http if (c0 === 102 && c1 === 105 && c2 === 108 && c3 === 101) return 2; // file return 0; } else if (length === 5) { return c0 === 104 && (url.charCodeAt(schemeStart + 1) | 32) === 116 && (url.charCodeAt(schemeStart + 2) | 32) === 116 && (url.charCodeAt(schemeStart + 3) | 32) === 112 && (url.charCodeAt(schemeStart + 4) | 32) === 115 ? 1 : 0; // https } return 0; } /** * Extract a hostname from `url`, matching a WHATWG URL parser's host-boundary * behaviour (https://url.spec.whatwg.org/#concept-basic-url-parser) for tldts' * scope. It deliberately does NOT normalise the host (no IDNA/punycode or IPv4 * canonicalisation; IPv6 brackets are stripped, not compressed), strips trailing * dots, and stays lenient where a strict parser rejects (bare host:port, * out-of-range port, user@host) — all documented deviations. * * @param urlIsValidHostname - when true, `url` is already a valid hostname and is * returned by the same reference (factory.ts skips re-validation on that * identity), keeping the common path allocation-free. * @param validate - when true, validate the host inline during the authority * scan and publish the verdict via `extractedHostnameValidated` so `parseImpl` * can skip the redundant `isValidHostname` pass for simple authorities. */ function extractHostname(url, urlIsValidHostname, validate = false) { let start = 0; let end = url.length; let hasUpper = false; let isSpecial = false; extractedHostnameValidated = false; if (!urlIsValidHostname) { // Data URLs never carry a host (and may be huge — short-circuit them). if (url.startsWith('data:')) { return null; } // WHATWG step 1: trim leading/trailing C0 control or space (<= U+0020). // Tab/newline elsewhere are handled lazily below. while (start < url.length && url.charCodeAt(start) <= 32) { start += 1; } while (end > start + 1 && url.charCodeAt(end - 1) <= 32) { end -= 1; } if (url.charCodeAt(start) === 47 /* '/' */ && url.charCodeAt(start + 1) === 47 /* '/' */) { // Scheme-relative reference ("//host/path"). start += 2; } else { const indexOfProtocol = url.indexOf(':/', start); if (indexOfProtocol !== -1) { // "scheme://…". Classify the scheme, then position `start` at the host. const special = getSpecialScheme(url, start, indexOfProtocol); if (special === 1) { // Special scheme: skip the run of '/' and '\' after it // (special-authority-(ignore-)slashes states; '\' acts as '/'). isSpecial = true; start = indexOfProtocol + 2; while (url.charCodeAt(start) === 47 /* '/' */ || url.charCodeAt(start) === 92 /* '\' */) { start += 1; } } else if (special === 2) { // file: the host is only what sits between "//" and the next slash, so // "file://h/x" => "h" but "file:///x" / "file:/x" => no host. isSpecial = true; start = indexOfProtocol + 1; let slashes = 0; while ((url.charCodeAt(start) === 47 || url.charCodeAt(start) === 92) && slashes < 2) { start += 1; slashes += 1; } if (slashes < 2) { return null; } } else { // Unknown scheme: validate the WHATWG scheme grammar [A-Za-z0-9+.-]; // a control char means it was split by a tab/newline (strip + re-parse). for (let i = start; i < indexOfProtocol; i += 1) { const code = url.charCodeAt(i) | 32; if (!(((code >= 97 && code <= 122) || // [a, z] (code >= 48 && code <= 57) || // [0, 9] code === 46 || // '.' code === 45 || // '-' code === 43) // '+' )) { const raw = url.charCodeAt(i); if (raw === 9 || raw === 10 || raw === 13) { return extractHostname(url.replace(CONTROL_CHARS, ''), urlIsValidHostname, validate); } return null; } } // A non-special scheme has an authority only after "//" (else it is an // opaque path with no host). `indexOf(':/')` already gave the first '/'. if (url.charCodeAt(indexOfProtocol + 2) === 47 /* '/' */) { start = indexOfProtocol + 3; } else { return null; } } } else if (url.charCodeAt(start) !== 91 /* '[' */) { // Cold path: no scheme "://", and not a bare IPv6 literal (whose first // ':' would otherwise look like a scheme separator; "[…]" falls through // to the ipv6 handling below). May be a bare host, a host:port, a // user@host, a slash-less special scheme ("https:host"), or an opaque // URI ("mailto:", "tel:", "urn:…"). let indexOfColon = -1; for (let i = start; i < end; i += 1) { const code = url.charCodeAt(i); if (code === 9 || code === 10 || code === 13) { return extractHostname(url.replace(CONTROL_CHARS, ''), urlIsValidHostname, validate); } if (code === 58 /* ':' */) { indexOfColon = i; break; } if (code === 47 || code === 92 || code === 63 || code === 35) { break; } } if (indexOfColon !== -1) { // An '@' before the next delimiter => the ':' is userinfo, not a // scheme ("user:pass@host", "mailto:a@b"): keep the whole authority. let hasIdentifier = false; for (let i = indexOfColon + 1; i < end; i += 1) { const code = url.charCodeAt(i); if (code === 47 || code === 92 || code === 63 || code === 35) { break; } if (code === 64 /* '@' */) { hasIdentifier = true; break; } } if (!hasIdentifier) { // All-digits after ':' => a bare "host:port" (tldts accepts // hostnames too); keep `start` and let the port handling trim it. let allDigits = true; let i = indexOfColon + 1; for (; i < end; i += 1) { const code = url.charCodeAt(i); if (code === 47 || code === 92 || code === 63 || code === 35) { break; } if (code < 48 /* '0' */ || code > 57 /* '9' */) { allDigits = false; break; } } if (i === indexOfColon + 1) { allDigits = false; // nothing after ':' => not a port } if (!allDigits) { const special = getSpecialScheme(url, start, indexOfColon); if (special === 0) { // No "://" anywhere on the cold path and not a special scheme. // A second ':' before the host's end marks a bare, unbracketed // IPv6 literal ("2a01:e35::1"): fall through and let the host // loop + isIp classify it. Without one this is an opaque path // with no host ("mailto:x", "foo:bar"). let isBareIpv6 = false; for (let j = indexOfColon + 1; j < end; j += 1) { const code = url.charCodeAt(j); if (code === 47 || code === 92 || code === 63 || code === 35) { break; } if (code === 58 /* ':' */) { isBareIpv6 = true; break; } } if (!isBareIpv6) { return null; } } else { isSpecial = true; start = indexOfColon + 1; if (special === 2) { // file (e.g. "file:\\host"): host only between "//" and next slash. let slashes = 0; while ((url.charCodeAt(start) === 47 || url.charCodeAt(start) === 92) && slashes < 2) { start += 1; slashes += 1; } if (slashes < 2) { return null; } } else { while (url.charCodeAt(start) === 47 || url.charCodeAt(start) === 92) { start += 1; } } } } } } } } // Find the host's end: first '/', '?' or '#' (and '\' for special URLs, // which WHATWG treats like '/'). Track the last '@', ']' and ':' for // userinfo, ipv6 and port, plus the first ':' of the host (reset at each // '@') to tell a bare IPv6 (>= 2 colons) from a host:port (exactly one); // flag uppercase and a stray tab/newline. The loop is split on `code < 64` // so common host characters take fewer comparisons. // // When `validate`, also accumulate `is-valid.ts`'s checks over the scanned // run so a simple authority's host can be validated in this single pass. // `vValid` only stays meaningful for a "simple" authority (no userinfo, port, // brackets, control or trailing dot); those cases clear it / are rejected by // the guard below, falling back to `isValidHostname`. let indexOfIdentifier = -1; let indexOfClosingBracket = -1; let indexOfPort = -1; let indexOfFirstColon = -1; let hasControl = false; let vValid = validate; // seeded true when validating; cleared on the first invalid char let vLastDot = start - 1; // mirrors is-valid.ts `lastDotIndex = -1` at host start let vLastCode = -1; if (validate && start < end) { // First-char rule: must be a valid host char, '.', or '_' (NOT '-'). const c0 = url.charCodeAt(start); if (!( /*@__INLINE__*/ (isValidHostnameChar(c0) || c0 === 46 /* '.' */ || c0 === 95 /* '_' */)) || c0 === 45 /* '-' (isValidHostnameChar allows it mid-label, not first) */) { vValid = false; } } for (let i = start; i < end; i += 1) { const code = url.charCodeAt(i); if (code < 64) { if (code === 47 || code === 35 || code === 63) { end = i; break; } else if (code === 58 /* ':' */) { if (indexOfFirstColon === -1) { indexOfFirstColon = i; } indexOfPort = i; } else if (code === 9 || code === 10 || code === 13) { hasControl = true; } else if (validate) { if (code === 46 /* '.' */) { if (i - vLastDot > 64 || vLastCode === 46 || vLastCode === 45) { vValid = false; } vLastDot = i; } else if (code < 48 || code > 57) { // < 64 and not a delimiter/dot/digit => only '-' (45) is a valid // host char here; everything else (space, %, !, etc.) is invalid. // A '-' must also not START a label (the byte right after a '.') — // mirrors is-valid.ts; the first label is covered by the first-char // rule above. (RFC 1034 §3.5 / RFC 1035 §2.3.1 LDH.) if (code !== 45 || vLastCode === 46 /* label-leading '-' */) { vValid = false; } } } } else if (isSpecial && code === 92 /* '\' */) { end = i; break; } else if (code === 64 /* '@' */) { indexOfIdentifier = i; indexOfFirstColon = -1; // colons before '@' are userinfo, not the host } else if (code === 93 /* ']' */) { indexOfClosingBracket = i; } else if (code >= 65 && code <= 90) { hasUpper = true; } else if (validate && !( /*@__INLINE__*/isValidHostnameChar(code))) { // >= 64, not '@'/']'/upper: valid only if a-z, '_', or non-ASCII. vValid = false; } if (validate) { vLastCode = code; } } // A tab/newline inside the authority: strip everything and re-parse (rare). if (hasControl) { return extractHostname(url.replace(CONTROL_CHARS, ''), urlIsValidHostname, validate); } // Skip userinfo. '>= start' so an empty userinfo ("http://@host") works too. if (indexOfIdentifier !== -1 && indexOfIdentifier >= start && indexOfIdentifier < end) { start = indexOfIdentifier + 1; } if (url.charCodeAt(start) === 91 /* '[' */) { // ipv6 address: return what is between the brackets, or null if unclosed. if (indexOfClosingBracket !== -1) { return url.slice(start + 1, indexOfClosingBracket).toLowerCase(); } return null; } else if (indexOfPort !== -1 && indexOfPort > start && indexOfPort < end && // A host:port has exactly one ':' in the host (so its first ':' is its // last); a bare, unbracketed IPv6 literal ("2a01:e35::1") has >= 2, so // its first ':' precedes the last. Only the former has a ':port' to trim. indexOfFirstColon === indexOfPort) { end = indexOfPort; // trim ':port' } // Empty authority ("http://", "file:///path", "//"); only reachable here via // extraction — a bare valid hostname never lands here. if (start >= end) { return null; } // Publish the inline-validation verdict — but only for a "simple" authority, // where the scanned run equals the final host: no userinfo skip, no port // trim, no brackets, no trailing dot (trimmed below), and length within RFC // limits. Anything else leaves it `false` so `parseImpl` re-validates. // // Every clause below is load-bearing for CORRECTNESS, not just speed: the // loop accumulates `vValid` over the whole scanned run (it does not stop at // ':' or '@', so any port/userinfo bytes are included), so the verdict is // only sound when that run equals the final host. Do not drop a clause as // "redundant" — e.g. without `indexOfPort === -1`, `host:8080` would be // wrongly accepted. if (validate && vValid && indexOfIdentifier === -1 && indexOfPort === -1 && indexOfClosingBracket === -1 && url.charCodeAt(end - 1) !== 46 /* no trailing dot */ && end - start <= 255 && // total length end - vLastDot - 1 <= 63 && // last label length vLastCode !== 45 /* last char not '-' */) { extractedHostnameValidated = true; } } // Trim trailing dots while (end > start + 1 && url.charCodeAt(end - 1) === 46 /* '.' */) { end -= 1; } const hostname = start !== 0 || end !== url.length ? url.slice(start, end) : url; if (hasUpper) { return hostname.toLowerCase(); } return hostname; } /** * Check if a hostname is an IP. You should be aware that this only works * because `hostname` is already garanteed to be a valid hostname! */ function isProbablyIpv4(hostname) { // Cannot be shorted than 1.1.1.1 if (hostname.length < 7) { return false; } // Cannot be longer than: 255.255.255.255 if (hostname.length > 15) { return false; } let numberOfDots = 0; for (let i = 0; i < hostname.length; i += 1) { const code = hostname.charCodeAt(i); if (code === 46 /* '.' */) { numberOfDots += 1; } else if (code < 48 /* '0' */ || code > 57 /* '9' */) { return false; } } return (numberOfDots === 3 && hostname.charCodeAt(0) !== 46 /* '.' */ && hostname.charCodeAt(hostname.length - 1) !== 46 /* '.' */); } /** * Similar to isProbablyIpv4. */ function isProbablyIpv6(hostname) { if (hostname.length < 3) { return false; } let start = hostname.startsWith('[') ? 1 : 0; let end = hostname.length; if (hostname[end - 1] === ']') { end -= 1; } // We only consider the maximum size of a normal IPV6. Note that this will // fail on so-called "IPv4 mapped IPv6 addresses" but this is a corner-case // and a proper validation library should be used for these. if (end - start > 39) { return false; } let hasColon = false; for (; start < end; start += 1) { const code = hostname.charCodeAt(start); if (code === 58 /* ':' */) { hasColon = true; } else if (!(((code >= 48 && code <= 57) || // 0-9 (code >= 97 && code <= 102) || // a-f (code >= 65 && code <= 70)) // A-F (RFC 4291 §2.2: an IPv6 hextet is hex digits only) )) { return false; } } return hasColon; } /** * Check if `hostname` is *probably* a valid ip addr (either ipv6 or ipv4). * This *will not* work on any string. We need `hostname` to be a valid * hostname. */ function isIp(hostname) { return isProbablyIpv6(hostname) || isProbablyIpv4(hostname); } /** * Special-use domain names from the IANA "Special-Use Domain Names" registry: * the authoritative list, created by RFC 6761 and maintained as new RFCs add to * it: https://www.iana.org/assignments/special-use-domain-names/ * Snapshot: 2026-05-24. (RFC 6761 is not obsoleted; draft-hoffman-rfc6761bis * proposes to retire its prose but keep this registry, so the registry is the * source of truth; re-sync this list against it.) * * These names never correspond to a public registration, yet neither * `isIcann` nor `isPrivate` marks one as special-use: most are absent from the * Public Suffix List (so `a.test` looks like a registrable domain), and the * few that are listed (`onion`, `home.arpa`) appear there as ordinary ICANN * suffixes. `isSpecialUse` is the single signal that covers them all. * * Per the registry and RFC 6761 ("and any names falling within these domains"), * the designation covers each listed name AND all of its sub-domains. DNS labels * are case-insensitive (RFC 4343); `hostname` is expected to be already * lower-cased and trailing-dot-stripped, as produced by `extractHostname`, the * same normalization the Public-Suffix-List lookup relies on. * * Two groups of registry entries are intentionally excluded: the numeric * reverse-DNS delegation zones (`10.in-addr.arpa`, the `*.ip6.arpa` ranges, …), * which are reverse-DNS PTR zones rather than hostnames and whose parents * (`in-addr.arpa`/`ip6.arpa`) are already in the Public Suffix List; and the * deprecated `eap-noob.arpa` entry. */ const SPECIAL_USE_DOMAINS = [ 'test', // RFC 6761 'localhost', // RFC 6761 'invalid', // RFC 6761 'example', // RFC 6761 'example.com', // RFC 6761 'example.net', // RFC 6761 'example.org', // RFC 6761 'local', // RFC 6762 (mDNS) 'onion', // RFC 7686 (Tor) 'alt', // RFC 9476 'home.arpa', // RFC 8375 'ipv4only.arpa', // RFC 8880 'resolver.arpa', // RFC 9462 'service.arpa', // RFC 9665 '6tisch.arpa', // RFC 9031 'eap.arpa', // RFC 9965 ]; /** * Return `true` if `hostname` is, or is a sub-domain of, a special-use domain * (see the registry note above). Expects an already-normalized `hostname`. */ function isSpecialUse(hostname) { for (const name of SPECIAL_USE_DOMAINS) { // Match on a label boundary: `hostname` is either exactly `name` or ends // with `.name` (so `latest` is not matched by `test`, nor `myexample.com` // by `example.com`). if (hostname.endsWith(name) && (hostname.length === name.length || hostname.charCodeAt(hostname.length - name.length - 1) === 46) /* '.' */) { return true; } } return false; } /** * Implements fast shallow verification of hostnames. This does not perform a * struct check on the content of labels (classes of Unicode characters, etc.) * but instead check that the structure is valid (number of labels, length of * labels, etc.). * * If you need stricter validation, consider using an external library. */ // KEEP IN SYNC with `extract-hostname.ts` `isValidHostnameChar` + its inline // scan/verdict, which duplicate these structural rules to validate during // extraction (a perf fusion). That copy additionally accepts A-Z (the host is // not yet lowercased there) and folds in '-' / '_'. Any change to the accepted // character set or the label/length rules here must be mirrored there. function isValidAscii(code) { return ((code >= 97 && code <= 122) || (code >= 48 && code <= 57) || code > 127); } /** * Check if a hostname string is valid. It's usually a preliminary check before * trying to use getDomain or anything else. * * Beware: it does not check if the TLD exists. */ function isValidHostname (hostname) { if (hostname.length > 255) { return false; } if (hostname.length === 0) { return false; } if ( /*@__INLINE__*/ !isValidAscii(hostname.charCodeAt(0)) && hostname.charCodeAt(0) !== 46 && // '.' (dot) hostname.charCodeAt(0) !== 95 // '_' (underscore) ) { return false; } // Validate hostname according to RFC let lastDotIndex = -1; let lastCharCode = -1; const len = hostname.length; for (let i = 0; i < len; i += 1) { const code = hostname.charCodeAt(i); if (code === 46 /* '.' */) { if ( // Check that previous label is < 63 bytes long (64 = 63 + '.') i - lastDotIndex > 64 || // Check that previous character was not already a '.' lastCharCode === 46 || // Check that the previous label does not end with '-' (RFC 1035 §2.3.1 LDH). // '_' is intentionally NOT restricted: DNS allows any octet (RFC 2181 §11) and // WHATWG URL does not treat '_' as a forbidden host code point. lastCharCode === 45) { return false; } lastDotIndex = i; } else if ( // A forbidden character in the label... !( /*@__INLINE__*/(isValidAscii(code) || code === 45 || code === 95)) || // ...or a '-' starting a label (the byte right after a '.'). A label must // not begin with a hyphen (RFC 1034 §3.5 / RFC 1035 §2.3.1 LDH, as amended // by RFC 1123 §2.1; cf. UTS #46 CheckHyphens). The first label is covered by // the leading-character guard above; mirrors the trailing-'-' rule below. (code === 45 && lastCharCode === 46)) { return false; } lastCharCode = code; } return ( // Check that last label is shorter than 63 chars len - lastDotIndex - 1 <= 63 && // Check that the last character is an allowed trailing label character. // Since we already checked that the char is a valid hostname character, // we only need to check that it's different from '-'. lastCharCode !== 45); } function setDefaultsImpl({ allowIcannDomains = true, allowPrivateDomains = false, detectIp = true, detectSpecialUse = false, extractHostname = true, mixedInputs = true, validHosts = null, validateHostname = true, }) { return { allowIcannDomains, allowPrivateDomains, detectIp, detectSpecialUse, extractHostname, mixedInputs, validHosts, validateHostname, }; } const DEFAULT_OPTIONS = /*@__INLINE__*/ setDefaultsImpl({}); function setDefaults(options) { if (options === undefined) { return DEFAULT_OPTIONS; } return /*@__INLINE__*/ setDefaultsImpl(options); } /** * Returns the subdomain of a hostname string */ function getSubdomain$1(hostname, domain) { // If `hostname` and `domain` are the same, then there is no sub-domain if (domain.length === hostname.length) { return ''; } return hostname.slice(0, -domain.length - 1); } /** * Implement a factory allowing to plug different implementations of suffix * lookup (e.g.: using a trie or the packed hashes datastructures). This is used * and exposed in `tldts.ts` and `tldts-experimental.ts` bundle entrypoints. */ function getEmptyResult() { return { domain: null, domainWithoutSuffix: null, hostname: null, isIcann: null, isIp: null, isPrivate: null, isSpecialUse: null, publicSuffix: null, subdomain: null, }; } function resetResult(result) { result.domain = null; result.domainWithoutSuffix = null; result.hostname = null; result.isIcann = null; result.isIp = null; result.isPrivate = null; result.isSpecialUse = null; result.publicSuffix = null; result.subdomain = null; } function parseImpl(url, step, suffixLookup, partialOptions, result) { const options = /*@__INLINE__*/ setDefaults(partialOptions); // Very fast approximate check to make sure `url` is a string. This is needed // because the library will not necessarily be used in a typed setup and // values of arbitrary types might be given as argument. if (typeof url !== 'string') { return result; } // Extract hostname from `url` only if needed. This can be made optional // using `options.extractHostname`. This option will typically be used // whenever we are sure the inputs to `parse` are already hostnames and not // arbitrary URLs. // // `mixedInput` allows to specify if we expect a mix of URLs and hostnames // as input. If only hostnames are expected then `extractHostname` can be // set to `false` to speed-up parsing. If only URLs are expected then // `mixedInputs` can be set to `false`. The `mixedInputs` is only a hint // and will not change the behavior of the library. // Whether `url` itself was already a valid hostname (only computed on the // mixedInputs path). Lets us skip the post-extraction validation below when // extractHostname returned `url` unchanged (same reference). let urlIsValid = false; if (!options.extractHostname) { result.hostname = url; } else if (options.mixedInputs) { urlIsValid = isValidHostname(url); result.hostname = extractHostname(url, urlIsValid, options.validateHostname); } else { result.hostname = extractHostname(url, false, options.validateHostname); } // Check if `hostname` is a valid ip address if (options.detectIp && result.hostname !== null) { result.isIp = isIp(result.hostname); if (result.isIp) { return result; } } // Perform hostname validation if enabled. If hostname is not valid, no need to // go further as there will be no valid domain or sub-domain. This validation // is applied before any early returns to ensure consistent behavior across // all API methods including getHostname(). if (options.validateHostname && options.extractHostname && result.hostname !== null && // Skip the re-scan when `url` was already validated and extractHostname // returned it unchanged (same reference => identical string, still valid). !(urlIsValid && result.hostname === url) && // Skip the re-scan when extractHostname already validated the host inline // (a confirmed-valid simple authority — see extract-hostname.ts). !extractedHostnameValidated && !isValidHostname(result.hostname)) { result.hostname = null; return result; } if (step === 0 /* FLAG.HOSTNAME */ || result.hostname === null) { return result; } // Flag special-use domains, only when opted in (`detectSpecialUse`) and only // for the full `parse()` result (FLAG.ALL). Computed here, before the // public-suffix/domain early-returns below, so single-label names like // `localhost` (which have no registrable domain) are still flagged. if (step === 5 /* FLAG.ALL */ && options.detectSpecialUse) { result.isSpecialUse = isSpecialUse(result.hostname); } // Extract public suffix suffixLookup(result.hostname, options, result); if (step === 2 /* FLAG.PUBLIC_SUFFIX */ || result.publicSuffix === null) { return result; } // Extract domain result.domain = getDomain$1(result.publicSuffix, result.hostname, options); if (step === 3 /* FLAG.DOMAIN */ || result.domain === null) { return result; } // Extract subdomain result.subdomain = getSubdomain$1(result.hostname, result.domain); if (step === 4 /* FLAG.SUB_DOMAIN */) { return result; } // Extract domain without suffix result.domainWithoutSuffix = getDomainWithoutSuffix$1(result.domain, result.publicSuffix); return result; } function fastPathLookup (hostname, options, out) { // Fast path for very popular suffixes; this allows to by-pass lookup // completely as well as any extra allocation or string manipulation. if (!options.allowPrivateDomains && hostname.length > 3) { const last = hostname.length - 1; const c3 = hostname.charCodeAt(last); const c2 = hostname.charCodeAt(last - 1); const c1 = hostname.charCodeAt(last - 2); const c0 = hostname.charCodeAt(last - 3); if (c3 === 109 /* 'm' */ && c2 === 111 /* 'o' */ && c1 === 99 /* 'c' */ && c0 === 46 /* '.' */) { out.isIcann = true; out.isPrivate = false; out.publicSuffix = 'com'; return true; } else if (c3 === 103 /* 'g' */ && c2 === 114 /* 'r' */ && c1 === 111 /* 'o' */ && c0 === 46 /* '.' */) { out.isIcann = true; out.isPrivate = false; out.publicSuffix = 'org'; return true; } else if (c3 === 117 /* 'u' */ && c2 === 100 /* 'd' */ && c1 === 101 /* 'e' */ && c0 === 46 /* '.' */) { out.isIcann = true; out.isPrivate = false; out.publicSuffix = 'edu'; return true; } else if (c3 === 118 /* 'v' */ && c2 === 111 /* 'o' */ && c1 === 103 /* 'g' */ && c0 === 46 /* '.' */) { out.isIcann = true; out.isPrivate = false; out.publicSuffix = 'gov'; return true; } else if (c3 === 116 /* 't' */ && c2 === 101 /* 'e' */ && c1 === 110 /* 'n' */ && c0 === 46 /* '.' */) { out.isIcann = true; out.isPrivate = false; out.publicSuffix = 'net'; return true; } else if (c3 === 101 /* 'e' */ && c2 === 100 /* 'd' */ && c1 === 46 /* '.' */) { out.isIcann = true; out.isPrivate = false; out.publicSuffix = 'de'; return true; } } return false; } // Code automatically generated using ./bin/builders/hashes.ts var packed = new Uint32Array([6, 0, 0, 7, 5860978, 5861026, 5861029, 5861352, 5861357, 5861403, 5861586, 0, 0, 0, 1, 1850179732, 0, 9, 328184559, 1866923597, 2123501943, 2282562397, 2795346450, 3130446446, 3136607046, 3453334789, 4194175729, 87, 3156266, 19510334, 20989895, 64887183, 65021741, 101876503, 177080427, 179500755, 182385953, 311298055, 425802535, 460682395, 492095970, 582839475, 819014943, 819028732, 922117623, 1075688039, 1126402299, 1139486022, 1156921983, 1179004234, 1241916785, 1329165410, 1335010188, 1370787547, 1370800824, 1431231509, 1498275876, 1508988617, 1516508161, 1522025464, 1544104458, 1554032448, 1554653742, 1570707647, 1573939511, 1626814538, 1675555530, 1675593396, 1679919230, 1692185483, 1730108052, 1781528047, 1781528437, 1784183980, 1789539963, 1827963150, 1873769763, 1881070667, 1890696062, 1893848785, 1927992574, 1937808954, 2001752368, 2005097031, 2182413090, 2391299855, 2419619562, 2445171142, 2453492351, 2496327381, 2525245455, 2573179642, 2703420555, 2709520566, 2800127296, 2921343336, 2989808530, 3000405309, 3015527775, 3043937580, 3047607849, 3048022317, 3160720065, 3382460164, 3461355676, 3498015045, 3688442504, 3738715095, 3925657990, 3934774481, 4033285539, 4076983130, 4085096371, 4146774829, 4208486561, 3768, 100835, 372942, 373596, 399643, 403867, 589540, 737224, 1210028, 1861414, 2424682, 2658901, 2946999, 3329363, 3333156, 6942202, 9086062, 9095117, 9267209, 9340158, 9485932, 11010102, 11406846, 16314893, 17546564, 18146303, 18331450, 19211200, 20314441, 20797457, 25057869, 26663359, 28320278, 30499151, 30585840, 36605120, 36775470, 36775473, 36990037, 39275208, 41892561, 42049478, 42538024, 45214788, 47656662, 50173535, 53599326, 53858455, 54537430, 63815836, 69971116, 73517283, 73904368, 75706244, 78793775, 78794171, 79558910, 80324123, 84993902, 87977581, 87978853, 87978860, 93811268, 95641381, 95641777, 96671837, 100511481, 100947456, 108215410, 108929491, 110526112, 110662188, 112311307, 114507832, 116811054, 120488259, 122521550, 133427701, 134012911, 141513861, 141517490, 144349377, 144362028, 144550088, 144770230, 147205859, 147810002, 147989623, 149598895, 150736276, 150856054, 152379730, 156555774, 163952417, 163952613, 163952704, 163952815, 163953167, 163953232, 164189124, 164189258, 164189262, 164189326, 164189691, 164189842, 164560958, 165069166, 165106627, 165107021, 165339368, 165444557, 165444558, 165444615, 165444629, 165444745, 165444749, 165445368, 165512129, 165512527, 165749053, 165749188, 165749299, 165749435, 165749535, 165778992, 165779060, 167155067, 169909265, 169909275, 169909419, 169909512, 169909517, 169909531, 169909608, 169909724, 169909733, 169909734, 169909738, 169909857, 169910036, 169910195, 169910226, 169939304, 169977029, 169977163, 170281136, 170281250, 170281253, 170281258, 170281275, 170281382, 170281390, 170281415, 170281447, 170281457, 170281473, 170281497, 170281511, 170281522, 170281525, 170281528, 170281579, 170281589, 170281687, 170281689, 170281699, 170281742, 170281776, 170281812, 170281852, 170281902, 170281972, 170311352, 170649202, 170649385, 170649596, 171188220, 172078401, 172145927, 172213761, 172213835, 172214443, 172484301, 172788260, 172788319, 172788689, 172788693, 172788754, 172788809, 172788827, 173118530, 173118924, 173253960, 173254504, 173456648, 173591948, 173930212, 173930286, 174129293, 174306499, 174306893, 174307245, 174307439, 174358551, 174374100, 174407806, 174410098, 174488250, 174509317, 174577099, 174606766, 174644617, 174843632, 174844030, 174847160, 175181758, 175524135, 175524873, 176843304, 176948764, 178529610, 178530165, 178530256, 178530299, 178530303, 178530355, 178868363, 178868576, 178868974, 179274397, 179274476, 179379459, 179379616, 179379849, 179379853, 179380220, 179657877, 179692651, 179714168, 179913714, 180090112, 180090244, 180090304, 180090314, 180090337, 180090372, 180090450, 180090510, 180090525, 180090526, 180090587, 180090702, 180091049, 180091118, 180091210, 180091228, 180091258, 180091259, 180283722, 180292996, 180293014, 180293036, 180293067, 180293093, 180293105, 180293124, 180293152, 180293156, 180293169, 180293179, 180293199, 180293253, 180293290, 180293294, 180293300, 180293302, 180293304, 180293317, 180293344, 180293346, 180293381, 180293447, 180293487, 180293501, 180293503, 180293522, 180293535, 180293716, 180293796, 180293819, 180293997, 180294000, 180294004, 180294009, 180428032, 180902137, 180969265, 180969566, 180969653, 180969723, 181105061, 181105190, 181105676, 181240259, 181240353, 181240367, 181240371, 181240391, 181240392, 181240393, 181240398, 181240404, 181240451, 181240474, 181240479, 181240483, 181240490, 181240509, 181240515, 181240844, 181240853, 181240956, 181241149, 181241165, 181241168, 181244839, 181278273, 181375748, 181548621, 181548644, 181548727, 181548873, 181549108, 181549176, 181949900, 181950639, 182056031, 182385920, 182419943, 182893167, 182893283, 182893394, 182893788, 183163149, 183163151, 183163155, 183163168, 183163169, 183163171, 183163181, 183163182, 183163183, 183163186, 183163188, 183163233, 183163248, 183163251, 183163252, 183163254, 183163270, 183163303, 183163314, 183163317, 183163334, 183163335, 183163336, 183163340, 183163345, 183163347, 183163350, 183163362, 183163363, 183163365, 183163366, 183163367, 183163371, 183163375, 183163376, 183163378, 183163380, 183163383, 183163630, 183163631, 183163644, 183163649, 183163651, 183163653, 183163655, 183163664, 183163668, 183163669, 183163678, 183163679, 183163682, 183163687, 183163713, 183163715, 183163728, 183163731, 183163735, 183163742, 183163777, 183163779, 183163780, 183163781, 183163783, 183163796, 183163797, 183163801, 183163843, 183163845, 183163847, 183163859, 183163864, 183163865, 183163874, 183163895, 183163897, 183163913, 183163922, 183163933, 183163960, 183163961, 183163963, 183163977, 183163978, 183163979, 183163981, 183163988, 183163989, 183163991, 183163992, 183163994, 183163995, 183163998, 183164008, 183164010, 183164012, 183164021, 183164025, 183164026, 183164027, 183164029, 183164041, 183164044, 183164045, 183164047, 183164050, 183164051, 183164057, 183164060, 183164061, 183164093, 184080938, 184081253, 184081673, 184081677, 184081778, 184246330, 184246511, 184486318, 184486865, 184487263, 184828195, 184828212, 184844696, 184844824, 184848486, 184848491, 184849029, 184849387, 184859173, 184859210, 184869208, 184869819, 184994607, 185163947, 185216284, 185289081, 185292632, 185295605, 185501943, 185502073, 185502077, 185772974, 186723357, 186723671, 186723801, 186753074, 186763265, 186771866, 186840059, 186858006, 186875993, 186950941, 186953244, 186994101, 186994720, 187011432, 187022814, 187064894, 187067400, 187076090, 187078647, 187088813, 187161171, 187188812, 187203075, 187219343, 187222314, 187251332, 187328908, 187332203, 187378741, 187385256, 187386889, 187403121, 187403860, 187404132, 187409119, 187410536, 187415116, 187415841, 187417183, 187453423, 187455618, 187483569, 187506658, 187521457, 187531575, 187554851, 187557872, 187932036, 187932044, 187932595, 187932730, 187932752, 187932756, 187932794, 187932985, 187932989, 189797875, 189851312, 190236828, 190304994, 190305388, 190575460, 190575594, 190879986, 190880380, 191458643, 191459037, 193856736, 193857103, 193857114, 193857243, 193991787, 194363750, 194498585, 194498630, 194498988, 194499056, 194499063, 194499187, 194532263, 194532626, 194532630, 194532693, 194532760, 194532936, 194533115, 194802308, 194802313, 194802316, 194802351, 194802671, 194802818, 194802832, 194802974, 194803141, 194803143, 194803161, 194803162, 194803220, 194803226, 194803230, 194803290, 194836546, 194870589, 194870610, 194871004, 195040013, 195040230, 195040360, 195077902, 195078025, 195078028, 195078034, 195078035, 195078038, 195078058, 195078062, 195078071, 195078081, 195078095, 195078112, 195078119, 195078120, 195078149, 195078150, 195078156, 195078185, 195078215, 195078217, 195078250, 195078251, 195078272, 195078273, 195078277, 195078283, 195078287, 195078298, 195078299, 195078300, 195078368, 195078372, 195078375, 195078394, 195078464, 195078474, 195078493, 195078531, 195078554, 195078559, 195078687, 195078710, 195078753, 195078828, 195078837, 195078892, 195078895, 195078900, 195078906, 195078959, 195078960, 195078974, 195078995, 195078997, 195079007, 195145607, 195146051, 195817892, 195817910, 195818040, 196653590, 197775763, 198219289, 198248729, 198354195, 198354632, 200387773, 202063369, 203326381, 203326382, 203326695, 203326709, 203326825, 203326829, 203327047, 203327192, 203360584, 203427712, 203428110, 203563443, 203563837, 203664976, 203665374, 203762913, 203901612, 203969343, 204069808, 204070876, 206121592, 207568995, 208227118, 218659706, 219797064, 231775478, 232791016, 232866163, 232870916, 237059472, 238230825, 238671321, 241611072, 245880244, 249954601, 256262487, 257210252, 257542887, 259829097, 260353797, 260353928, 260353938, 260354380, 260381156,