Does protocol casing affect the URL parsing?

[armanm]

I don't know enough about URL parsing to know if this is the correct behaviour but here is a test case:

const URL = require('url')

URL.parse('javascript:ALERT(DOCUMENT.DOMAIN)').href
// => 'javascript:ALERT(DOCUMENT.DOMAIN)'

URL.parse('JAVASCRIPT:ALERT(DOCUMENT.DOMAIN)').href
// => 'javascript:alert/(DOCUMENT.DOMAIN)'

As you can see in the latter example when protocol is specified in upper case, the href ends up partly lowercased and with an extra slash.

Could someone explain if this is a bug or a correct behaviour?

[ljharb]

In node 6+, i get 'javascript:ALERT(DOCUMENT.DOMAIN)' in both examples. In this module and node < 6, I get the behavior you report.

In other words, this is correct for older node versions, but is incorrect for later ones, so we'll fix this as part of updating the implementation.