url: refactor truncating long hostname

[jun-oka]

Checklist

• make -j8 test (UNIX), or vcbuild test nosign (Windows) passes
• commit message follows commit guidelines

Affected core subsystem(s)

lib url
test url

Description of change

I deleted and refactored the line around 417 in url.js which was truncating hostname if hostname length after . is more than 63. Thus url parse behavior for hostname should be same as browser's behavior. Now it doesn’t truncate hostname.

[cjihrig]

LGTM I suppose.

[Trott]

The moving-part-of-the-hostname-to-the-path bit is really surprising and, I would argue, buggy behavior. Is that documented anywhere? If not, I wonder if the correct thing to do is a (hopefully semver-patch) change that treats such URLs as invalid. (A hostname longer than 63 chars is invalid per RFC 1035.)

EDIT: It doesn't appear to be documented anywhere.

[Trott]

/cc @nodejs/http-parser I guess, although I suppose this isn't http-specific...

[jun-oka]

@Trott OK. I agree. I'll look into the document again.
The only way I could pass this URL on test was this way, so I thought it was true.
However, according to your opinion, it seems buggy.

[Trott]

Looks like this behavior was introduced (or at least refactored?) in db912813 by @mscdex. I'm not sure if it was unintentional and the intended behavior was something else, or if this is totally intended behavior on the theory that "garbage input results in garbage output". So maybe @mscdex can let us know?

[jasnell]

ping @mscdex

[mscdex]

I honestly don't remember, that was awhile ago. All I could go by is whatever tests we had at the time.

[Trott]

Looking at what new URL(url) does in the browser, it does not truncate the hostname component. I would say we should follow suit: Don't try to validate the hostname length.

I would say the path forward is:

• rewrite the expected test result to preserve the hostname
• update url.js to not truncate long hostnames
• update the subsystem in the PR name and the commit message to be url
• Get some input from @nodejs/lts on the semver implications of this. I think it's a bug fix, personally, but if anyone wants to argue that it should be treated as semver-major out of an abundance of caution, I'm OK with that.

What do others think?

[Trott]

I should add that, to me at least, the real objectionable thing here is not the truncation but the moving of the remainder of the hostname into the path. That just makes no sense to me. I cannot think of a situation where that is helpful. And I can think of situations where that can introduce bugs, for sure.

[jun-oka]

@Trott Thanks.
I will do this part.

• rewrite the expected test result to preserve the hostname
• update url.js to not truncate long hostnames
• update the subsystem in the PR name and the commit message to be url

[sam-github]

re: #9521 (comment), I think truncation is bizarre.

I don't believe that the URL RFCs say that host names have to be _DNS_ host names, there are lots of ways of resolving names, so I think truncation is a bug.

Here's an example:

% tail /etc/hosts

127.0.0.1 ThisIsAnAbsurdlyLongHostNameButSurelyNoneOfThisShouldEndUpAsPartOfThePathBecauseWhoCouldPossiblyWantThatAMIRITE.com
% ping -c1 ThisIsAnAbsurdlyLongHostNameButSurelyNoneOfThisShouldEndUpAsPartOfThePathBecauseWhoCouldPossiblyWantThatAMIRITE.com
PING ThisIsAnAbsurdlyLongHostNameButSurelyNoneOfThisShouldEndUpAsPartOfThePathBecauseWhoCouldPossiblyWantThatAMIRITE.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.065 ms

host names clearly are not the same as DNS names, they can be longer than DNS allows and still be resolveable.

[Trott]

LGTM if new CI is ✅

[Trott]

@cjihrig @jasnell This is a bit different (and, in my opinion, better) than what was originally submitted. Can you re-check the code to make sure it is still good by you?

[Trott]

CI: https://ci.nodejs.org/job/node-test-pull-request/5036/

[Trott]

/cc @sam-github

[jun-oka]

@cjihrig @jasnell @sam-github It would be nice if you can check it!

[sam-github]

I'm not familiar with the code, it would make more sense for @jasnell (who just wrote a URL decoder) or @mscdex (who might have implemented the truncation) looked at it.

[mscdex]

There is a backslash before z here that needs to be removed.

[jun-oka]

OK. Thank you for finding.

[mscdex]

Please keep the parens around the groups of checks, IMHO it makes it easier to reason about.

[jun-oka]

Yes. I think so too.

[mscdex]

@Trott I'm just being more cautious is all, especially since this behavior has existed for a long time (even before my rewrite). If everyone else feels differently, then go ahead and remove the semver-major label.

[jun-oka]

@mscdex
Thank you for those reviewing.
I will look into them.

[jun-oka]

@mscdex @Trott
I have just updated!

[Trott]

CI: https://ci.nodejs.org/job/node-test-pull-request/5576/

[mscdex]

There's a couple of changes that still need to be made, namely the for loop iteration condition and the isVc variable naming.

[mscdex]

While we're changing things in here, I think it might be better to re-prioritize the conditionals here to optimize for the common cases. Here is what I propose:

const isVc = (code >= 97/*a*/ && code <= 122/*z*/) ||
             code === 46/*.*/ ||
             (code >= 65/*A*/ && code <= 90/*Z*/) ||
             (code >= 48/*0*/ && code <= 57/*9*/) ||
             code === 45/*-*/ ||
             code === 43/*+*/ ||
             code === 95/*_*/||
             code > 127;

[jun-oka]

@mscdex In my opinion, that makes more sense. It looks more common in this case. Thanks a lot.

[jun-oka]

@mscdex I have applied your review which you proposed.

[mscdex]

minor nit: there is a missing space before the ||. I missed that in my proposed example earlier.

[jun-oka]

@mscdex Thank you! I corrected it. I will be careful.

[Trott]

CI: https://ci.nodejs.org/job/node-test-pull-request/5577/

[mscdex]

LGTM

[Trott]

(arm-fanned failure on CI is infra related and unrelated to this change.)

[Trott]

Landed in c65d55f.

Two months in the making. 🎉