Support regular expressions in host whitelist/backlist, closes #562

Author: chriso

CHANGELOG.md

@@ -4,6 +4,8 @@
   ([#564](https://github.com/chriso/validator.js/issues/564))
 - Added support for urls without a host (e.g. `file:///foo.txt`) in `isURL()`
   ([#563](https://github.com/chriso/validator.js/issues/563))
+- Added support for regular expressions in the `isURL()` host whitelist and blacklist
+  ([#562](https://github.com/chriso/validator.js/issues/562))
 - Added support for MasterCard 2-Series BIN
   ([#576](https://github.com/chriso/validator.js/pull/576))
 - New locales

lib/isURL.js

@@ -36,6 +36,20 @@ var default_url_options = {
 
 var wrapped_ipv6 = /^\[([^\]]+)\](?::([0-9]+))?$/;
 
+function isRegExp(obj) {
+  return Object.prototype.toString.call(obj) === '[object RegExp]';
+}
+
+function checkHost(host, matches) {
+  for (var i = 0; i < matches.length; i++) {
+    var match = matches[i];
+    if (host === match || isRegExp(match) && match.test(host)) {
+      return true;
+    }
+  }
+  return false;
+}
+
 function isURL(url, options) {
   (0, _assertString2.default)(url);
   if (!url || url.length >= 2083 || /\s/.test(url)) {
@@ -113,12 +127,16 @@ function isURL(url, options) {
   if (!(0, _isIP2.default)(host) && !(0, _isFQDN2.default)(host, options) && (!ipv6 || !(0, _isIP2.default)(ipv6, 6)) && host !== 'localhost') {
     return false;
   }
-  if (options.host_whitelist && options.host_whitelist.indexOf(host) === -1) {
+
+  host = host || ipv6;
+
+  if (options.host_whitelist && !checkHost(host, options.host_whitelist)) {
     return false;
   }
-  if (options.host_blacklist && options.host_blacklist.indexOf(host) !== -1) {
+  if (options.host_blacklist && checkHost(host, options.host_blacklist)) {
     return false;
   }
+
   return true;
 }
 module.exports = exports['default'];

src/lib/isURL.js

@@ -17,6 +17,20 @@ const default_url_options = {
 
 const wrapped_ipv6 = /^\[([^\]]+)\](?::([0-9]+))?$/;
 
+function isRegExp(obj) {
+  return Object.prototype.toString.call(obj) === '[object RegExp]';
+}
+
+function checkHost(host, matches) {
+  for (let i = 0; i < matches.length; i++) {
+    let match = matches[i];
+    if (host === match || (isRegExp(match) && match.test(host))) {
+      return true;
+    }
+  }
+  return false;
+}
+
 export default function isURL(url, options) {
   assertString(url);
   if (!url || url.length >= 2083 || /\s/.test(url)) {
@@ -88,11 +102,15 @@ export default function isURL(url, options) {
           host !== 'localhost') {
     return false;
   }
-  if (options.host_whitelist && options.host_whitelist.indexOf(host) === -1) {
+
+  host = host || ipv6;
+
+  if (options.host_whitelist && !checkHost(host, options.host_whitelist)) {
     return false;
   }
-  if (options.host_blacklist && options.host_blacklist.indexOf(host) !== -1) {
+  if (options.host_blacklist && checkHost(host, options.host_blacklist)) {
     return false;
   }
+
   return true;
 }

test/validators.js

@@ -402,6 +402,27 @@ describe('Validators', function () {
     });
   });
 
+  it('should allow regular expressions in the host whitelist', function () {
+    test({
+      validator: 'isURL',
+      args: [{
+        host_whitelist: ['bar.com', 'foo.com', /\.foo\.com$/],
+      }],
+      valid: [
+        'http://bar.com/',
+        'http://foo.com/',
+        'http://images.foo.com/',
+        'http://cdn.foo.com/',
+        'http://a.b.c.foo.com/',
+      ],
+      invalid: [
+        'http://foobar.com',
+        'http://foo.bar.com/',
+        'http://qux.com',
+      ],
+    });
+  });
+
   it('should let users specify a host blacklist', function () {
     test({
       validator: 'isURL',
@@ -420,6 +441,27 @@ describe('Validators', function () {
     });
   });
 
+  it('should allow regular expressions in the host blacklist', function () {
+    test({
+      validator: 'isURL',
+      args: [{
+        host_blacklist: ['bar.com', 'foo.com', /\.foo\.com$/],
+      }],
+      valid: [
+        'http://foobar.com',
+        'http://foo.bar.com/',
+        'http://qux.com',
+      ],
+      invalid: [
+        'http://bar.com/',
+        'http://foo.com/',
+        'http://images.foo.com/',
+        'http://cdn.foo.com/',
+        'http://a.b.c.foo.com/',
+      ],
+    });
+  });
+
   it('should validate MAC addresses', function () {
     test({
       validator: 'isMACAddress',

validator.js

@@ -304,6 +304,20 @@
 
       var wrapped_ipv6 = /^\[([^\]]+)\](?::([0-9]+))?$/;
 
+      function isRegExp(obj) {
+        return Object.prototype.toString.call(obj) === '[object RegExp]';
+      }
+
+      function checkHost(host, matches) {
+        for (var i = 0; i < matches.length; i++) {
+          var match = matches[i];
+          if (host === match || isRegExp(match) && match.test(host)) {
+            return true;
+          }
+        }
+        return false;
+      }
+
       function isURL(url, options) {
         assertString(url);
         if (!url || url.length >= 2083 || /\s/.test(url)) {
@@ -381,12 +395,16 @@
         if (!isIP(host) && !isFDQN(host, options) && (!ipv6 || !isIP(ipv6, 6)) && host !== 'localhost') {
           return false;
         }
-        if (options.host_whitelist && options.host_whitelist.indexOf(host) === -1) {
+
+        host = host || ipv6;
+
+        if (options.host_whitelist && !checkHost(host, options.host_whitelist)) {
           return false;
         }
-        if (options.host_blacklist && options.host_blacklist.indexOf(host) !== -1) {
+        if (options.host_blacklist && checkHost(host, options.host_blacklist)) {
           return false;
         }
+
         return true;
       }