azu/url-cheatsheet azu/url-cheatsheet

  • Stars
    star
    182
  • Rank 211,154 (Top 5 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created almost 2 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
azu/url-cheatsheet
github

azu

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

URL manipulation cheatsheet for JavaScript

url-cheatsheet

URL manipulation cheatsheet for JavaScript.

DO NOT: concat url and user input without escape

Please DO NOT concat url and user input without escape

// DO NOT
const name = "<user input>"
const url = `https://example.com/user/${name}`;
console.log(url); // => "https://example.com/user/<user input>"

This code may have directory traversal vulnerability. You should escape the name by encodeURIComponent.

// DO
const name = "<user input>"
const url = `https://example.com/user/${encodeURIComponent(name)}`;
console.log(url); // => "https://example.com/user/%3Cuser%20input%3E"

DO NOT: concat parameter and user input without escape

Please DO NOT concat parameter and user input without escape

// DO NOT
const query = "<user input>"
const url = `https://example.com?q=${query}`;
console.log(url); // => "https://example.com?q=<user input>"

This example does not consider that query includes & or ? that is required to escape. You should escape the query by encodeURIComponent.

// DO
const query = "<user input>"
const url = `https://example.com?q=${encodeURIComponent(query)}`;
console.log(url); // => "https://example.com?q=%3Cuser%20input%3E"

Or, You can use URLSearchParams() that escape each parameters automatically.

Base URL + Path

Use new URL(pathname, base).

  • keywords: url-join, join path
const base = "https://example.com";
const pathname = "/path/to/page";
const result = new URL(pathname, base);
console.log(result.toString()); // => "https://example.com/path/to/page"

If the pathname include user input, you should escape it by encodeURIComponent.

const base = "https://example.com/";
const name = "<user input>"
const result = new URL(`/user/${encodeURIComponent(name)}`, base);
console.log(result.toString()); // => "https://example.com/user/%3Cuser%20input%3E"

Get parameter from URL

Use URL and URLSearchParams#get

const inputURL = "https://example.com/?q=query&page=1";
const url = new URL(inputURL);
const q = url.searchParams.get("q");
console.log(q); // => "query"

Get multiple parameters as array from URL

Use URL and URLSearchParams#getAll

const inputURL = "https://example.com/?q=query&lang=en_US&lang=ja_JP";
const url = new URL(inputURL);
const langs = url.searchParams.getAll("lang");
console.log(langs); // ["en_US", "ja_JP"]

Add parameters to URL

Use URLSearchParams

const q = "query";
const page = 1;
const base = "https://example.com";
const url = new URL(base);
const params = new URLSearchParams({
    q,
    page
});
console.log(url + "?" + params); // => "https://example.com/?q=query&page=1"

or

const q = "query";
const page = 1;
const base = "https://example.com";
const url = new URL(base);
url.search = new URLSearchParams({
    q,
    page
});
console.log(url.toString()); // => "https://example.com/?q=query&page=1"

📝 URLSearchParams escape each parameter automtically.

const q = "<user input>";
const page = 1;
const base = "https://example.com";
const url = new URL(base);
url.search = new URLSearchParams({
    q,
    page
});
console.log(url.toString()); // => "https://example.com/?q=%3Cuser+input%3E&page=1"

Update parameter of URL

Use URL's searchParams property.

const inputURL = "https://example.com/?q=query&page=1";
const url = new URL(inputURL);
url.searchParams.set("q", "update");
console.log(url.toString()); // => "https://example.com/?q=update&page=1"

Remove parameter from URL

Use URL and URLSearchParams

const inputURL = "https://example.com/?q=query&page=1";
const url = new URL(inputURL);
url.searchParams.delete("q");
console.log(url.toString()); // => "https://example.com/?page=1"

Filter parameters

Allow only a and d parameters.

  • keywords: pick, white list, allow list
const base = "https://example.com/?a=1&b=2&c=3&d=4";
const url = new URL(base);
const allowedParameterNames = ["a", "d"];
url.search = new URLSearchParams(Array.from(url.searchParams).filter(([key, value]) => {
  return allowedParameterNames.includes(key);
}));
console.log(url.toString()); // => "https://example.com/?a=1&d=4"

Check URL is Absolute-URL

new URL(urlString) throw an error when parsing relative url string. As a result, you can use URL for checking URL is absolute-URL that starts with a schema like https:

const isValidURL = (urlString) => {
  try {
    new URL(urlString); // if `urlString` is invalid, throw an erorr
    return true;
  } catch {
    return false;
  }
};
console.log(isValidURL("https://example.com")); // => true
console.log(isValidURL("https/example.com")); // => false

Check URL is HTTP

Check URL's protocol property.

const isHttpURL = (urlString) => {
  try {
    const url = new URL(urlString); // if `urlString` is invalid, throw an erorr
    return url.protocol === "http:" || url.protocol === "https:";
  } catch {
    return false;
  }
};
console.log(isHttpURL("http://example.com")); // => true
console.log(isHttpURL("https://example.com")); // => true
console.log(isHttpURL("ftp://example.com")); // => false
console.log(isHttpURL("https/example.com")); // => false

More Repositories

1

promises-book

JavaScript Promiseの本
HTML
1,347
star
2

awesome-commit-english

コミット英語についての記事まとめ
848
star
3

large-scale-javascript

複雑なJavaScriptアプリケーションを作るために考えること
JavaScript
320
star
4

NSDate-Escort

NSDate utility library that is compatible with NSDate-Extensions API.
Objective-C
269
star
5

monorepo-utils

A collection of utilities for monorepo/lerna. Tools for TypeScript project references etc..
TypeScript
162
star
6

github-label-setup

📦 Setup GitHub label without configuration.
JavaScript
152
star
7

mdline

Markdown timeline format and toolkit.
HTML
147
star
8

lerna-monorepo-github-actions-release

Lerna + monorepo +GitHub Actions Release Flow
JavaScript
147
star
9

kvs

Lightweight key-value storage library for Browser, Node.js, and In-Memory.
TypeScript
139
star
10

github-reader

[node-webkit] GitHub client app - Viewer for Notifications and News Feed.
JavaScript
136
star
11

browser-resources

A Collection of official Resources/Status/Issues for browsers.
132
star
12

github-sponsors-tax

GitHub Sponsorsの確定申告手順
128
star
13

book-review

本を読んだ感想を書くブログです。
TypeScript
127
star
14

irodr

RSS reader client like LDR for Inoreader.
TypeScript
115
star
15

multi-stage-sourcemap

multi-level source map processing library.
JavaScript
104
star
16

parcel-typescript-example

A minimum TypeScript app with Parcel Bundler.
HTML
101
star
17

license-generator

A Command line tool that generate `LICENSE` file.
Rust
99
star
18

har-extractor

A CLI that extract har file to directory.
TypeScript
90
star
19

gitbook-starter-kit

GitBook Starter Kit.
JavaScript
84
star
20

create-validator-ts

Create JSON Schema validator from TypeScript.
TypeScript
83
star
21

faao

Faao is a GitHub issue/pull-request client on Electron.
TypeScript
75
star
22

material-flux

No magic flux implementation library.
JavaScript
75
star
23

kuromojin

Provide a high-level wrapper for kuromoji.js. Cache/Promise API
CSS
75
star
24

codemirror-console

Web Console UI for JavaScript.
JavaScript
72
star
25

can-npm-publish

A command line tool that check to see if `npm publish` is possible.
JavaScript
66
star
26

commonjs-to-es-module-codemod

Codemod that convert CommonJS(require/exports) to ES Modules(import/export) for JavaScript/TypeScript
JavaScript
66
star
27

pdf-markdown-annotator

[nw.js] pdf viewer + markdown editor
CSS
62
star
28

git-commit-push-via-github-api

Git commit and push by using GitHub API. No depended on Git binary.
TypeScript
62
star
29

mu-epub-reader

Epub viewer on Electron that support text translation.
JavaScript
61
star
30

open-job-letter

[PR] Open Job Application Letter
JavaScript
61
star
31

opml-to-markdown

[node.js]Convert OPML(Outline) to Markdown
JavaScript
60
star
32

ui-event-observer

Provide performant way to subscribe to browser UI Events.
JavaScript
60
star
33

ecmascript-version-detector

ECMAScript Version Detector
JavaScript
59
star
34

immutable-array-prototype

A collection of Immutable Array prototype methods(Per method packages).
TypeScript
59
star
35

eventmit

Simple EventEmitter. A single event object per an event.
TypeScript
57
star
36

babel-plugin-jsdoc-to-assert

Runtime type checking for JSDoc
JavaScript
57
star
37

mini-flux

mini flux implementation
JavaScript
54
star
38

rc-config-loader

Load config from .{product}rc.{json,yml,js} file
TypeScript
52
star
39

MarkdownSyntaxEditor

[iOS] NSAttributedString + UITextView + Markdown Syntax highlighting.
Objective-C
52
star
40

Coveralls-iOS

iOS/Objective-C: minimum setup for Coveralls.
Shell
50
star
41

company-introduction-jp

日本の会社紹介スライドのまとめです。
TypeScript
50
star
42

wait-for-element.js

This library provide a function which wait until an element is visible.
JavaScript
49
star
43

power-doctest

JavaScript Doctest for JavaScript, Markdown and Asciidoc.
TypeScript
48
star
44

hatebupwa

Hatena Bookmark search app.
TypeScript
45
star
45

azu

azu 's issue todo
JavaScript
42
star
46

github-search-rss

GitHub Search Results as RSS Feeds via GitHub Actions.
TypeScript
42
star
47

tsconfig-to-dual-package

Node.js dual package tool that add package.json to tsconfig's `outDir`
TypeScript
42
star
48

hubmemo

Private/Public Memo system based on GitHub.
TypeScript
42
star
49

service-worker-updatefound-refresh-dialog

A library show refresh dialog/banner when the service worker found updated.
JavaScript
41
star
50

memory-note

Fast memory note on CDN edge. Cloudflare Workers KV/GitHub Projects as backend.
TypeScript
41
star
51

gitbook-plugin-include-codeblock

GitBook plugin for including file
JavaScript
40
star
52

fz-browse

fzf-like fuzzy finder tool but view search results on browser.
JavaScript
40
star
53

safe-marked

Markdown to HTML using marked and DOMPurify. Safe by default.
TypeScript
40
star
54

missue

A Toolkit helps you to management your TODO based on GitHub Issues.
JavaScript
39
star
55

jsdoc-to-assert

JSDoc to assert
JavaScript
38
star
56

mumemo

Mumemo is screenshot-driven note application.
TypeScript
38
star
57

podspec-bump

A command line tools to bump podspec version for Cocoapods.
JavaScript
37
star
58

set-env-to-github_env

A migration tools convert `::set-env`/`::set-output`/`::save-state` to $GITHUB_ENV/$GITHUB_OUTPUT/$GITHUB_STATE on GitHub Actions.
TypeScript
36
star
59

release-changelog

[Deprecated] Easy to use conventional-changelog and release-it.
JavaScript
36
star
60

mytweets

Search all your tweets.
TypeScript
36
star
61

babel-plugin-strip-function-call

Babel plugin strip any function call.
JavaScript
36
star
62

ni.zsh

Alternative `ni` written in zsh
Shell
36
star
63

OperationPromise

NSOperation(NSOperationQueue) dependency manager library.
Objective-C
36
star
64

pdf.js-controller

Provide presentation interface using pdf.js
JavaScript
36
star
65

philan.net

Public Donation Management webservice for Philanthropist.
TypeScript
35
star
66

NumericKeypad

NumericKeypad for iPad
Objective-C
33
star
67

express-router-dependency-graph

A static code analysis tool that creates a dependency graph for express routing.
TypeScript
33
star
68

monorepo-release-changesets

A monorepo use yarn + lerna + changesets + GitHub Actions.
JavaScript
32
star
69

technical-word-rules

JavaScript中心のIT技術用語のLint用辞書
JavaScript
31
star
70

how-to-learn-es6

📝 How to learn ECMAScript2015 for Beginner?
HTML
30
star
71

slide

スライド置き場
HTML
29
star
72

express-lazy-router

Lazy loading for express router
TypeScript
29
star
73

slide-pdf.js

Presentation tools for pdf file in browser.
JavaScript
29
star
74

korefile

File System API for Local/GitHub.
TypeScript
29
star
75

JSONAccelerator

Get in, get out — nice and neat
Objective-C
29
star
76

github-sponsorable-in-japan

A list of GitHub users who are living in Japan and are sponsor-able.
TypeScript
27
star
77

watch-rss

Subscribe your watched GitHub Repository's releases as RSS feeds on Inoreader
TypeScript
27
star
78

eslint-plugin-typescript-compat

ESLint rule for browser compatibility of your TypeScript code
TypeScript
27
star
79

promise-test-helper

Helper JavaScript library for promises testing.
JavaScript
27
star
80

voicod

Voice note editor
TypeScript
27
star
81

voting-badge

👍 voting badge like Travis CI
JavaScript
27
star
82

delete-tweets

Twitterのアーカイブから削除候補のTweetsを抽出する補助ツールと削除するツール。
TypeScript
27
star
83

events-to-async

Treat EventEmitter-like object using Async/Await, Async Iterator.
TypeScript
26
star
84

emscripten-example

emscripten wasm example in node.js
JavaScript
26
star
85

ios-practice

iOSアプリ開発におけるプラクティス
Objective-C
25
star
86

postem

Cross posting client for twitter, hatebu, and own services.
JavaScript
25
star
87

reftest-runner

Reftest runner with WebDriver API.
JavaScript
24
star
88

github-issue-widget

Showcase your Github(repository)'s issue list via iframe.
JavaScript
24
star
89

negaposi-analyzer-ja

形態素解析したtokenからネガティブ/ポジティブを判定したスコアを返すJavaScriptライブラリ
JavaScript
23
star
90

mic-mutebar

Tiny GUI app that show microphone status
HTML
22
star
91

github-actions-badge

Generate GitHub Actions badge Markdown code.
TypeScript
22
star
92

shallow-equal-object

Shallow equal check object that support TypeScript.
TypeScript
22
star
93

github-funding-yml-updater

Update multiple repositories's `.github/FUNDING.yml` via GitHub API
TypeScript
21
star
94

exponential-backoff-generator

Exponential backoff generator. Provide robust retry function.
TypeScript
21
star
95

vite-react-example

Example: Vite + React + TypeScript
TypeScript
21
star
96

github-ribbon-generator

GitHub Ribbon Generator on Web.
Vue
21
star
97

dynamic-import-assets

Dynamic Imports for JavaScript and CSS.
TypeScript
20
star
98

eslint-cjs-to-esm

ESLint wrapper for migration from CJS to ESM.
JavaScript
20
star
99

searchive

Search All My Documents{PDF}.
JavaScript
20
star
100

running-on-streetview

Virtual Running on Google Street View.
TypeScript
20
star