Struts 2
  1. Struts 2
  2. WW-3688

JavaScript URL validator in the FreeMarker template fails many valid URLs


    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3.1
    • Component/s: None
    • Labels:
    • Flags:


      As far as I can tell, it will not allow the following in the path/query of an URL:
      "&", ";", "=" (query string)
      "+", "%" (encoded characters)
      "." (extensions)

      There are several others.

      In addition, particular hosts are not valid due to a lack of country code:

      My understanding of the URI specification ( is that the following delimiters are valid unencoded: :/@!$&'()*+,;=, and the following characters are also allowed: .-_~, as well as pct-encoded %xx

      I've attached a patch to allow the extra characters, and to use those definitions for the userinfo and host as allowed in the spec. I've also broken out path, query and fragment explicitly.

      There are still several other valid URIs that this won't allow (e.g. file:///..., IPv6 addresses), and there's a chance that the server-side validation (using will differ to the client side - so it may be good to allow URL validation to be deferred to the server as an option as well.

      1. WW-3688.diff
        1 kB
        Brett Porter


        Lukasz Lenart made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Maurizio Cucchiara made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Assignee Maurizio Cucchiara [ maurizio.cucchiara ]
        Fix Version/s 2.3 [ 12315916 ]
        Resolution Fixed [ 1 ]
        Brett Porter made changes -
        Field Original Value New Value
        Attachment WW-3688.diff [ 12497417 ]
        Brett Porter created issue -


          • Assignee:
            Maurizio Cucchiara
            Brett Porter
          • Votes:
            0 Vote for this issue
            0 Start watching this issue


            • Created: