[Django] #36054: Support schemes parameter to URLField for custom URL scheme validation
4 views
Skip to first unread message
Django
Jan 2, 2025, 12:26:22 AM1/2/25
to django-...@googlegroups.com
#36054: Support schemes parameter to URLField for custom URL scheme validation
-------------------------------------+-------------------------------------
Reporter: Youngkwang Yang | Type: New
| feature
Status: new | Component: Forms
Version: dev | Severity: Normal
Keywords: URLField, | Triage Stage:
forms.URLField, schemes, URL | Unreviewed
validation, custom schemes |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Django URLField and forms.URLField currently validate URLs using the
URLValidator with a predefined set of schemes: http, https, ftp, and ftps.
While this default behavior meets general-purpose requirements, it lacks
flexibility for specific use cases where developers need to restrict or
expand the allowed schemes.
Examples of such use cases:
- Applications that require only secure URLs (https).
- Systems needing to validate custom or non-standard schemes such as
gopher or custom-scheme.
this ticket introduces a new schemes parameter to both URLField and
forms.URLField. This parameter allows developers to define a custom list
of acceptable schemes, enabling more granular URL validation while
maintaining backward compatibility.
**Proposed Changes:**
- extend the URLField and forms.URLField classes to accept an optional
schemes parameter.
- update the deconstruct method in URLField to include the schemes
parameter for proper migration support.
- modify forms.URLField to pass the schemes parameter to the URLValidator.
- preserve existing behavior by defaulting to the current scheme list
(http, https, ftp, ftps) when schemes is not provided.
- Add comprehensive test cases for both URLField and forms.URLField.
================================================
**See examples**
models.URLField
{{{
from django.db import models
class MyModel(models.Model):
# Uses the default schemes (http, https, ftp, ftps)
default_url = models.URLField()
# Only allows HTTPS URLs
secure_url = models.URLField(schemes=["https"])
# Allows a custom scheme
custom_scheme_url = models.URLField(schemes=["custom-scheme"])
# Allows multiple specific schemes
multiple_schemes_url = models.URLField(schemes=["https", "ftp",
"custom-scheme"])
}}}
forms.URLField
{{{
from django import forms
class MyForm(forms.Form):
# Default schemes
default_url = forms.URLField()
# Custom schemes
secure_url = forms.URLField(schemes=["https"])
custom_url = forms.URLField(schemes=["custom-scheme"])
}}}
Any feedback is appreciated!
--
Ticket URL: <https://code.djangoproject.com/ticket/36054>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
-------------------------------------+-------------------------------------
Reporter: Youngkwang Yang | Type: New
| feature
Status: new | Component: Forms
Version: dev | Severity: Normal
Keywords: URLField, | Triage Stage:
forms.URLField, schemes, URL | Unreviewed
validation, custom schemes |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Django URLField and forms.URLField currently validate URLs using the
URLValidator with a predefined set of schemes: http, https, ftp, and ftps.
While this default behavior meets general-purpose requirements, it lacks
flexibility for specific use cases where developers need to restrict or
expand the allowed schemes.
Examples of such use cases:
- Applications that require only secure URLs (https).
- Systems needing to validate custom or non-standard schemes such as
gopher or custom-scheme.
this ticket introduces a new schemes parameter to both URLField and
forms.URLField. This parameter allows developers to define a custom list
of acceptable schemes, enabling more granular URL validation while
maintaining backward compatibility.
**Proposed Changes:**
- extend the URLField and forms.URLField classes to accept an optional
schemes parameter.
- update the deconstruct method in URLField to include the schemes
parameter for proper migration support.
- modify forms.URLField to pass the schemes parameter to the URLValidator.
- preserve existing behavior by defaulting to the current scheme list
(http, https, ftp, ftps) when schemes is not provided.
- Add comprehensive test cases for both URLField and forms.URLField.
================================================
**See examples**
models.URLField
{{{
from django.db import models
class MyModel(models.Model):
# Uses the default schemes (http, https, ftp, ftps)
default_url = models.URLField()
# Only allows HTTPS URLs
secure_url = models.URLField(schemes=["https"])
# Allows a custom scheme
custom_scheme_url = models.URLField(schemes=["custom-scheme"])
# Allows multiple specific schemes
multiple_schemes_url = models.URLField(schemes=["https", "ftp",
"custom-scheme"])
}}}
forms.URLField
{{{
from django import forms
class MyForm(forms.Form):
# Default schemes
default_url = forms.URLField()
# Custom schemes
secure_url = forms.URLField(schemes=["https"])
custom_url = forms.URLField(schemes=["custom-scheme"])
}}}
Any feedback is appreciated!
--
Ticket URL: <https://code.djangoproject.com/ticket/36054>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Reply all
Reply to author
Forward
0 new messages