[Django] #25593: Remove scheme validation from URLValidator or provide all IANA acceptable schemes as defaults

16 views
Skip to first unread message

Django

unread,
Oct 22, 2015, 8:20:11 AM10/22/15
to django-...@googlegroups.com
#25593: Remove scheme validation from URLValidator or provide all IANA acceptable
schemes as defaults
----------------------------------------------+--------------------
Reporter: marcinn | Owner: nobody
Type: Uncategorized | Status: new
Component: Database layer (models, ORM) | Version: 1.8
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------------------+--------------------
== The problem ==

There are defined only four schemes as default: http,https,ftp,ftps.
But URL can have many many more valid schemes.
HTTP and FTP as good defaults are invalid - they are too limited.

There is no simple way to extend these schemes nor disable scheme
validation.
We must extend URLField and redeclare `default_validators` class property,
which is too complex for that simple case.

== Possible solutions ==

- disable scheme validation and enable it only when user defines
`allowed_schemes` directly in URLField (backward incompatible)
- provide `allowed_schemes` as an optional argument for URLField
`init()`
- provide all valid schemes as default set (based on
https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml)

== Preffered solution ==

Probide all (IANA) valid schemes as default together with possibility to
change them by URLField `init()`.

--
Ticket URL: <https://code.djangoproject.com/ticket/25593>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Oct 22, 2015, 9:42:16 AM10/22/15
to django-...@googlegroups.com
#25593: Remove scheme validation from URLValidator or provide all IANA acceptable
schemes as defaults
-------------------------------------+-------------------------------------

Reporter: marcinn | Owner: nobody
Type: Uncategorized | Status: new
Component: Database layer | Version: 1.8
(models, ORM) |
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by timgraham):

* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0


Old description:

> == The problem ==
>
> There are defined only four schemes as default: http,https,ftp,ftps.
> But URL can have many many more valid schemes.
> HTTP and FTP as good defaults are invalid - they are too limited.
>
> There is no simple way to extend these schemes nor disable scheme
> validation.
> We must extend URLField and redeclare `default_validators` class
> property, which is too complex for that simple case.
>
> == Possible solutions ==
>
> - disable scheme validation and enable it only when user defines
> `allowed_schemes` directly in URLField (backward incompatible)
> - provide `allowed_schemes` as an optional argument for URLField
> `init()`
> - provide all valid schemes as default set (based on
> https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml)
>
> == Preffered solution ==
>
> Probide all (IANA) valid schemes as default together with possibility to
> change them by URLField `init()`.

New description:

== The problem ==

There are defined only four schemes as default: http,https,ftp,ftps.
But URL can have many many more valid schemes.
HTTP and FTP as good defaults are invalid - they are too limited.

There is no simple way to extend these schemes nor disable scheme
validation.
We must extend URLField and redeclare `default_validators` class property,
which is too complex for that simple case.

== Possible solutions ==

- disable scheme validation and enable it only when user defines
`allowed_schemes` directly in URLField (backward incompatible)
- provide `allowed_schemes` as an optional argument for URLField
`init()`
- provide all valid schemes as default set (based on
https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml)

== Prefered solution ==

Provide all (IANA) valid schemes as default together with possibility to


change them by URLField `init()`.

--

Comment:

I think we can rule out any backwards incompatible solutions such as
removing the validation or changing the default to all valid schemes. I
don't see a sufficient justification for breaking all sites relying on the
current behavior. You'll need to argue your rationale on the
DevelopersMailingList and get a consensus if you want that.

It seems to me that there are too many customization points on validators
to add a new model field argument for all of them (such as
`allowed_schemes` as you proposed). For example, there have also been
requests to customize the validator's regular expressions. It doesn't seem
clean to add a model field argument for each one of those validator
attributes.

I'd like to try for a more general solution to allow customizing the
`default_validators` as I described in #25594. I believe that would meet
the use case of this ticket.

--
Ticket URL: <https://code.djangoproject.com/ticket/25593#comment:1>

Django

unread,
Oct 24, 2015, 8:36:06 AM10/24/15
to django-...@googlegroups.com
#25593: Remove scheme validation from URLValidator or provide all IANA acceptable
schemes as defaults
-------------------------------------+-------------------------------------
Reporter: marcinn | Owner: nobody
Type: Uncategorized | Status: closed

Component: Database layer | Version: 1.8
(models, ORM) |
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage:
| Unreviewed

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by timgraham):

* status: new => closed
* resolution: => wontfix


--
Ticket URL: <https://code.djangoproject.com/ticket/25593#comment:2>

Reply all
Reply to author
Forward
0 new messages