fix: Remove auto-trimming of input

jhnns · jhnns · commit 4ea86a189eb4 · 2022-01-23T20:33:45.000+01:00
BREAKING CHANGE: parseDomain won't .trim() the given input. The input is interpreted as it is. If you want to trim the input, you need to call .trim() before passing it to parseDomain. Auto-trimming the input changes the domain and might not be desired if any character (such as whitespace) is allowed (e.g. when using lax validation).
diff --git a/src/parse-domain.test.ts b/src/parse-domain.test.ts
@@ -583,6 +583,20 @@ describe(parseDomain.name, () => {
     });
   });
 
+  // The hostname should be interpreted as it is.
+  // Auto-trimming the input changes the domain and might not be
+  // desired if any character (such as whitespace) is allowed
+  // (e.g. when using lax validation).
+  // Trimming can always happen on the caller side.
+  test("does not trim the hostname", () => {
+    expect(parseDomain(" com", { validation: Validation.Lax })).toMatchObject({
+      type: ParseResultType.NotListed,
+    });
+    expect(parseDomain("com ", { validation: Validation.Lax })).toMatchObject({
+      type: ParseResultType.NotListed,
+    });
+  });
+
   test("returns the input hostname in the result", () => {
     expect(parseDomain("www.EXAMPLE.com")).toMatchObject({
       hostname: "www.EXAMPLE.com",
diff --git a/src/sanitize.ts b/src/sanitize.ts
@@ -147,19 +147,17 @@ export const sanitize = (
     };
   }
 
-  const inputTrimmed = input.trim();
-
-  if (inputTrimmed === "") {
+  if (input === "") {
     return {
       type: SanitizationResultType.ValidDomain,
-      domain: inputTrimmed,
+      domain: input,
       labels: [],
     };
   }
 
   // IPv6 addresses are surrounded by square brackets in URLs
   // See https://tools.ietf.org/html/rfc3986#section-3.2.2
-  const inputTrimmedAsIp = inputTrimmed.replace(/^\[|]$/g, "");
+  const inputTrimmedAsIp = input.replace(/^\[|]$/g, "");
   const ipVersionOfInput = ipVersion(inputTrimmedAsIp);
 
   if (ipVersionOfInput !== undefined) {
@@ -170,15 +168,15 @@ export const sanitize = (
     };
   }
 
-  const lastChar = inputTrimmed.charAt(inputTrimmed.length - 1);
+  const lastChar = input.charAt(input.length - 1);
   const canonicalInput =
-    lastChar === LABEL_SEPARATOR ? inputTrimmed.slice(0, -1) : inputTrimmed;
+    lastChar === LABEL_SEPARATOR ? input.slice(0, -1) : input;
   const octets = new TextEncoder().encode(canonicalInput);
 
   if (octets.length > DOMAIN_LENGTH_MAX) {
     return {
       type: SanitizationResultType.Error,
-      errors: [createDomainMaxLengthError(inputTrimmed, octets.length)],
+      errors: [createDomainMaxLengthError(input, octets.length)],
     };
   }
 
@@ -196,7 +194,7 @@ export const sanitize = (
 
   return {
     type: SanitizationResultType.ValidDomain,
-    domain: inputTrimmed,
+    domain: input,
     labels,
   };
 };
