[Django] #25418: URL Validator to check only hostname part without domain nor tld
Django
-------------------------------+--------------------
Reporter: foxmask | Owner: nobody
Type: Uncategorized | Status: new
Component: Core (URLs) | Version: 1.8
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
Hi,
on the LAN, we don't use full scheme of host + domain + tld, so it could
be fine if we could change this
host_re = '(' + hostname_re + domain_re + tld_re + '|localhost)'
to
host_re = '(' + hostname_re + domain_re + tld_re + '|' + hostname_re +
'|localhost)'
regards
--
Ticket URL: <https://code.djangoproject.com/ticket/25418>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: foxmask | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by MoritzS):
* needs_better_patch: => 0
* component: Core (URLs) => Core (Other)
* needs_tests: => 0
* version: 1.8 => master
* needs_docs: => 0
* type: Uncategorized => Bug
* stage: Unreviewed => Accepted
Comment:
URLs like `http://host` definitely should be considered valid.
Also, is there really a need to differentiate between tld, domain and
hostname? As far as DNS is concerned they don't really mean different
things.
--
Ticket URL: <https://code.djangoproject.com/ticket/25418#comment:1>
Django
Reporter: foxmask | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Old description:
> Hi,
> on the LAN, we don't use full scheme of host + domain + tld, so it could
> be fine if we could change this
>
> host_re = '(' + hostname_re + domain_re + tld_re + '|localhost)'
>
> to
>
> host_re = '(' + hostname_re + domain_re + tld_re + '|' + hostname_re
> + '|localhost)'
>
> regards
New description:
Hi,
on the LAN, we don't use full scheme of host + domain + tld, so it could
be fine if we could change this
{{{
host_re = '(' + hostname_re + domain_re + tld_re + '|localhost)'
}}}
to
{{{
host_re = '(' + hostname_re + domain_re + tld_re + '|' + hostname_re +
'|localhost)'
}}}
regards
--
Comment (by timgraham):
I believe the idea of `URLValidator` is to recognize URLs that usually
work without some special DNS setup. I feel like this proposal has come up
before and been rejected. If so, we should document the restriction (and
how to lift it in your own validation) to try to prevent it from being
proposed again and again.
--
Ticket URL: <https://code.djangoproject.com/ticket/25418#comment:2>
Django
Reporter: foxmask | Owner: nobody
Type: New feature | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by claudep):
* type: Bug => New feature
Comment:
In 4e2e8f39d19d79a59c2696b2c40cb619a54fa745, we added some flexibility to
add whitelisted hostnames for `EmailValidator`. It might make sense to add
the same for `URLValidator`, but it would probably require to (again!)
restructure that validator.
--
Ticket URL: <https://code.djangoproject.com/ticket/25418#comment:3>
Django
Reporter: foxmask | Owner: nobody
Type: New feature | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by foxmask):
I'm sorry to speak about the topic, as I didn't know all about this
history, if it's boring ; close that ticket.
Regards
--
Ticket URL: <https://code.djangoproject.com/ticket/25418#comment:4>
Django
Reporter: foxmask | Owner: nobody
Type: New feature | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by claudep):
Nothing's boring. If you want to give it a shot and try a patch that
matches the `domain_whitelist` behavior of `EmailValidator`, we'll happily
review it. If this fulfills your use case, of course.
--
Ticket URL: <https://code.djangoproject.com/ticket/25418#comment:5>
Django
Reporter: foxmask | Owner: nobody
Type: New feature | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by jschneier):
I just ran into this as well. There is also no whitelist of hostnames that
I can hardcode (so that solution is out). Unfortunately the data is
entered via a CMS which is using `URLValidator` internally and leaving
users quite frustrated.
Is changing `host_re` to
`host_re = '(' + hostname_re + domain_re + tld_re + '|' + hostname_re +
'|localhost)'`
as suggested by the original reporter of this issue out of the question?
That seems like the simplest way to fix this and will bring Django more
in-line with the RFC that lays out URLs.
--
Ticket URL: <https://code.djangoproject.com/ticket/25418#comment:6>
Django
Reporter: foxmask | Owner: nobody
Type: New feature | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by timgraham):
I believe that conflicts with what I mentioned in comment 2.
--
Ticket URL: <https://code.djangoproject.com/ticket/25418#comment:7>
Django
Reporter: FoxMaSk | Owner: nobody
Type: New feature | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Chris Withers):
Tim, the fact that you've had a duplicate from me suggests that the regex
is wrong. https://tools.ietf.org/html/rfc3986#section-3.2.2 does not
specify the need for either a domain or a tld.
That's the technicality, the practicality is that most intranet urls are
left in short form, without a domain or tld. These are not a "special" DNS
setup, and I can't see a reason to simplify the regex.
Please can you provide more justification for your position?
--
Ticket URL: <https://code.djangoproject.com/ticket/25418#comment:8>
Django
Reporter: FoxMaSk | Owner: nobody
Type: New feature | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham):
There's a past discussion about it in #9202. That being said, we might
instead drastically simplify the regex in favor of HTML5 validation as
suggested on [https://groups.google.com/d/topic/django-
developers/ASBJ0ge2KYo/discussion django-developers].
--
Ticket URL: <https://code.djangoproject.com/ticket/25418#comment:9>