Is it expected that sanitize-url replaces Cyrillic characters?

Question

Is it expected that sanitize-url replaces Cyrillic characters?

Closed this issue 4 years ago · 3 comments

I faced with a problem, that sanitize-url replaces Cyrillic characters. So it is impossible to sanitize Cyrillic domains (like https://лот.рф) or urls with Cyrillic characters in search params (like https://yandex.ru/search/?text=шишки).

console.log(sanitizeUrl('https://лот.рф')); // ==> 'https://.'
console.log(sanitizeUrl('https://yandex.ru/search/?text=шишки')); // ==> 'https://yandex.ru/search/?text='

Check this example in runkit.

Is this behaviour intentional or maybe I can open a PR to fix it?

Answer 1 · 2021-02-19T17:47:34.000Z

Feel free to open a PR. As long as ctrl characters are successfully removed to prevent javascript urls from being allowed, it should be fine.

Answer 2 · 2021-03-12T15:46:52.000Z

~~@crookedneighbor I have a fix ready for this but can't push a branch. Can you give me permission? Thank you~~

Nevermind permissions, I figured out how to open a PR form a fork.

PR is ready

Answer 3 · 2021-04-29T15:58:17.000Z

This is fixed (thanks to @akirchmyer) and released in v5.0.1