difference between protocol and scheme absolute/relative urls check logic, also node vs browser

[akhoury]

Scheme-absolute seems to win the people's consensus

• https://stackoverflow.com/questions/15581445/are-protocol-relative-urls-relative-urls
• scheme-relative is absolute? sindresorhus/is-absolute-url#2

BUT the behavior is different from the server (node environment) and the browser, so remember, there are 2 factors with 2 possible values each, here's a table

For example: //google.com

ENV/TYPE	Protocol Absolute	Scheme Absolute
Node	TRUE	FALSE
BROWSER	TRUE	TRUE

For example for ////google.com

ENV/TYPE	Protocol Absolute	Scheme Absolute
Node	FALSE	FALSE
BROWSER	TRUE	TRUE

In order to mitigate this in the results below, we replace all 3+ leading slashes with 2 slashes, url.replace(/^\/{3,}/, '//');

Reason of different behavior node vs browser

Since there is no equivalent, on the browser, using document.createElement('a'), to the slashesDenoteHost of URL.parse(str, parseQueryString, slashesDenoteHost)), on the browser, slashesDenoteHost is as always set to true.

Also, the browser treats 3+ leading i.e ////google.com slashes as 2 leading slashes, and sets a host value on the result from parseUrl(), while node, using URL.parse('////google.com', true, true) does not set a host value to it, so we think it's a relative url, while but res.redirect redirects it externally without an issue.

Why are we using protocol-absolute?

Unlike the others.

Because for our purposes, we want to consider any redirect attempts to //example.com or attempts to set an img src, to be external. Maybe we should use a different function name? i.e. isUrlExternal() instead?

in Node

url:                    c:\aaa.aaa
protocol-absolute:              FALSE
scheme-absolute:                FALSE

url:                    ./aaaa
protocol-absolute:              FALSE
scheme-absolute:                FALSE

url:                    ../aaaa
protocol-absolute:              FALSE
scheme-absolute:                FALSE

url:                    aaa...aaaa
protocol-absolute:              FALSE
scheme-absolute:                FALSE

url:                    aaa
protocol-absolute:              FALSE
scheme-absolute:                FALSE

url:                    aaa.aaa
protocol-absolute:              FALSE
scheme-absolute:                FALSE

url:                    /aaa.aaa
protocol-absolute:              FALSE
scheme-absolute:                FALSE

url:                    //aaa.aaa
protocol-absolute:              TRUE      <--- different here
scheme-absolute:                FALSE

url:                    ///aaa.aaa/bbb
protocol-absolute:              TRUE      <--- different here
scheme-absolute:                FALSE

url:                    ////aaa.aaa/bbb
protocol-absolute:              TRUE      <--- different here
scheme-absolute:                FALSE

url:                    ///////aaa.aaa/bbb
protocol-absolute:              TRUE      <--- different here
scheme-absolute:                FALSE

url:                    http://aaa.aa
protocol-absolute:              TRUE
scheme-absolute:                TRUE

url:                    https://aaa.aa///
protocol-absolute:              TRUE
scheme-absolute:                TRUE

url:                    ftp://aaa.aa
protocol-absolute:              TRUE
scheme-absolute:                TRUE

url:                    smb://aaa.aa
protocol-absolute:              TRUE
scheme-absolute:                TRUE

url:                    git+ssh://aaa.aa
protocol-absolute:              TRUE
scheme-absolute:                TRUE

in Browser

https://jsfiddle.net/hm129g0r/15/

url: c:\aaa.aaa
protocol-absolute: TRUE
scheme-absolute: TRUE

url: ./aaaa
protocol-absolute: FALSE
scheme-absolute: FALSE

url: ../aaaa
protocol-absolute: FALSE
scheme-absolute: FALSE

url: aaa...aaaa
protocol-absolute: FALSE
scheme-absolute: FALSE

url: aaa
protocol-absolute: FALSE
scheme-absolute: FALSE

url: aaa.aaa
protocol-absolute: FALSE
scheme-absolute: FALSE

url: /aaa.aaa
protocol-absolute: FALSE
scheme-absolute: FALSE

url: //aaa.aaa
protocol-absolute: TRUE       <--- not different here
scheme-absolute: TRUE

url: ///aaa.aaa/bbb
protocol-absolute: TRUE       <--- not different here
scheme-absolute: TRUE

url: ////aaa.aaa/bbb
protocol-absolute: TRUE       <--- not different here
scheme-absolute: TRUE

url: ///////aaa.aaa/bbb
protocol-absolute: TRUE       <--- not different here
scheme-absolute: TRUE

url: http://aaa.aa
protocol-absolute: TRUE
scheme-absolute: TRUE

url: https://aaa.aa///
protocol-absolute: TRUE
scheme-absolute: TRUE

url: ftp://aaa.aa
protocol-absolute: TRUE
scheme-absolute: TRUE

url: smb://aaa.aa
protocol-absolute: TRUE
scheme-absolute: TRUE

url: git+ssh://aaa.aa
protocol-absolute: TRUE
scheme-absolute: TRUE

[akhoury]

also, tested with using a string parsing solution like: https://github.com/unshiftio/url-parse it does recognize //aaa.aaa as an external url, so it sets a host on the result, but not ///aaa.aaa, sooo we could just use that module, but we still have to strip 3+ leading slashes url.replace(/^\/{3,}/, '//');

[akhoury]

OR we can have utils.isAbsoluteUrl, when on the browser, to always use the server to check via ajax or socket emit, this way we always rely on the server to decide

[pitaj]

Recommend returning a runtime-independent object from this function instead of using isBrowser multiple places.

For instance, returning an object with booleans isSchemeAbsolute, isProtocolAbsolute etc

[akhoury]

well, I would have to "parse" twice each time, since when you're testing for scheme-absolute you would have to set slashesDenoteHost=true and would have to strip the leading slashes

isProtocolAbsoluteUrl: function (url) {
    url = url.replace(/^\/{3,}/, '//');
    var a = utils.parseUrl(url, true, **true);

We don't need to do that when testing for scheme-absolute, so in order to get both results each time, we need to require('url').parse() twice

Which is doable I guess, but just letting you know.