URLValidator on urls without protocol
1,796 views
Skip to first unread message
Michael Cetrulo
Jun 11, 2010, 1:28:54 PM6/11/10
to django-d...@googlegroups.com
hello, something just came up on #django and I think it's worth asking here; turns out current URLValidator http://code.djangoproject.com/browser/django/tags/releases/1.2.1/django/core/validators.py#L41 forbids urls without protocol however the URLField that uses it tries to add a default "http://" in case it's missing http://code.djangoproject.com/browser/django/tags/releases/1.2.1/django/forms/fields.py#L526
the fix is trivial, just change the regex to make the first part optional but I'm not sure if you'll prefer to simply drop that functionality on the widget and reject all those urls to retain compatibility.
the fix is trivial, just change the regex to make the first part optional but I'm not sure if you'll prefer to simply drop that functionality on the widget and reject all those urls to retain compatibility.
Michael Cetrulo
Jun 11, 2010, 2:21:59 PM6/11/10
to django-d...@googlegroups.com
looking at the order in which the methods are called on the Field class it seems the default "http://" is added before the validator gets called so it should work as expected, don't know where the error in validation was coming from.
Michael Cetrulo
Jun 11, 2010, 6:02:35 PM6/11/10
to django-d...@googlegroups.com
turns out there is a problem, the field looks for "://" anywhere on the value but according to the RFC the colon is allowed on paths, so an url like 'www.example.com/://' should validate and it fails:
Python 2.6.4 (r264:75706, Jan 25 2010, 08:55:26)
[GCC 4.4.2 20091208 (prerelease)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> import django
>>> django.VERSION
(1, 2, 1, 'final', 0)
>>> from django import forms
>>> class MyForm(forms.Form):
... url = forms.URLField()
...
>>> form = MyForm({'url': 'www.example.com/http://foo/bar/'})
>>> form.is_valid()
False
http://www.rfc-ref.org/RFC-TEXTS/3986/chapter3.html#sub3
Python 2.6.4 (r264:75706, Jan 25 2010, 08:55:26)
[GCC 4.4.2 20091208 (prerelease)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> import django
>>> django.VERSION
(1, 2, 1, 'final', 0)
>>> from django import forms
>>> class MyForm(forms.Form):
... url = forms.URLField()
...
>>> form = MyForm({'url': 'www.example.com/http://foo/bar/'})
>>> form.is_valid()
False
http://www.rfc-ref.org/RFC-TEXTS/3986/chapter3.html#sub3
MIL
Jun 12, 2010, 6:42:59 AM6/12/10
to Django developers
I was the guy that brought it up on #django
And I would like to follow this thread.
Thanks :o)
Michael Hjulskov
And I would like to follow this thread.
Thanks :o)
Michael Hjulskov
Michael Cetrulo
Jun 20, 2010, 9:35:23 PM6/20/10
to django-d...@googlegroups.com
ticket: http://code.djangoproject.com/ticket/13804
also found a real-life scenario when this feature of the RFC is implemented, the site reddit.com uses it for a shortcut that searchs/submits links to their website, example:
http://www.reddit.com/s/http://code.djangoproject.com/ticket/13804
also found a real-life scenario when this feature of the RFC is implemented, the site reddit.com uses it for a shortcut that searchs/submits links to their website, example:
http://www.reddit.com/s/http://code.djangoproject.com/ticket/13804
--
You received this message because you are subscribed to the Google Groups "Django developers" group.
To post to this group, send email to django-d...@googlegroups.com.
To unsubscribe from this group, send email to django-develop...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
Karen Tracey
Nov 18, 2012, 12:32:46 AM11/18/12
to django-d...@googlegroups.com
On Sun, Nov 18, 2012 at 12:21 AM, Jared Martin <jaredt...@gmail.com> wrote:
Yes, it should be fixed. Per the ticket referenced it was fixed two years ago. The specific scenario showin in the ticket is fixed:
Python 2.7.3 (default, Aug 1 2012, 05:16:07)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
I don't mean to wake a dead dog, but what has become of this? I came across this problem today. For now, I've subclassed. But it should be fixed, right?
Yes, it should be fixed. Per the ticket referenced it was fixed two years ago. The specific scenario showin in the ticket is fixed:
Python 2.7.3 (default, Aug 1 2012, 05:16:07)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import django
>>> django.get_version()
'1.4.2'
>>> from django.forms import URLField
>>> f = URLField()
>>> f.clean('www.example.com/://')
u'http://www.example.com/://'
>>>
So what do you mean, exactly, that you came across it today? What exactly is failing unexpectedly and on what version of Django?
>>> django.get_version()
'1.4.2'
>>> from django.forms import URLField
>>> f = URLField()
>>> f.clean('www.example.com/://')
u'http://www.example.com/://'
>>>
So what do you mean, exactly, that you came across it today? What exactly is failing unexpectedly and on what version of Django?
Jared Martin
Nov 18, 2012, 12:34:20 AM11/18/12
to django-d...@googlegroups.com
Yes it indeed was. That was a mistake on my part. I saw it as soon as I submitted. Sorry.
Reply all
Reply to author
Forward
0 new messages