Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.4.0 Release
-
None
Description
When UrlValidator is supplied an authority validator, if the authority fails the authority validator, but is an otherwise valid authority, the UrlValidator reports the URL is valid. Here is a test case:
@Test
public void testUrlValidator() throws Exception {
String regex = ".*amazon\\.com";
RegexValidator authorityValidator = new RegexValidator(regex);
UrlValidator validator = new UrlValidator(authorityValidator, UrlValidator.ALLOW_ALL_SCHEMES);
assertThat("amazon.com", Pattern.matches(regex, "amazon.com"), is(true));
assertThat("google.com", Pattern.matches(regex, "google.com"), is(false));
assertThat("amazon.com", authorityValidator.isValid("amazon.com"), is(true));
assertThat("google.com", authorityValidator.isValid("google.com"), is(false));
assertThat("amazon.com", validator.isValid("http://amazon.com/somepath"), is(true));
assertThat("google.com", validator.isValid("http://google.com/somepath"), is(false)); // fails
}
It appears that UrlAuthority.isValidAuthority() will return true if the URL passes the authorityValidator (line 365). But if the URL fails the authorityValidator, it can still pass the other validation checks. Shouldn't the validation fail if the URL fails the authorityValidator, regardless if it is an otherwise valid authority?
Attachments
Issue Links
- is related to
-
VALIDATOR-248 Add an option to allow 'localhost' as a valid hostname part in the URL
-
- Closed
-