Struts 2
  1. Struts 2
  2. WW-3688

JavaScript URL validator in the FreeMarker template fails many valid URLs

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3.1
    • Component/s: None
    • Labels:
      None
    • Flags:
      Patch

      Description

      As far as I can tell, it will not allow the following in the path/query of an URL:
      "&", ";", "=" (query string)
      "+", "%" (encoded characters)
      "." (extensions)

      There are several others.

      In addition, particular hosts are not valid due to a lack of country code:

      My understanding of the URI specification (http://tools.ietf.org/html/rfc3986) is that the following delimiters are valid unencoded: :/@!$&'()*+,;=, and the following characters are also allowed: .-_~, as well as pct-encoded %xx

      I've attached a patch to allow the extra characters, and to use those definitions for the userinfo and host as allowed in the spec. I've also broken out path, query and fragment explicitly.

      There are still several other valid URIs that this won't allow (e.g. file:///..., IPv6 addresses), and there's a chance that the server-side validation (using java.net.URL) will differ to the client side - so it may be good to allow URL validation to be deferred to the server as an option as well.

      1. WW-3688.diff
        1 kB
        Brett Porter

        Activity

        Hide
        Maurizio Cucchiara added a comment -

        Applied.
        Thank you, Brett!

        Show
        Maurizio Cucchiara added a comment - Applied. Thank you, Brett!
        Hide
        Hudson added a comment -

        Integrated in Struts2 #358 (See https://builds.apache.org/job/Struts2/358/)
        WW-3688 JavaScript URL validator in the FreeMarker template fails many valid URLs

        mcucchiara :
        Files :

        • /struts/struts2/trunk/core/src/main/resources/template/xhtml/form-close-validate.ftl
        Show
        Hudson added a comment - Integrated in Struts2 #358 (See https://builds.apache.org/job/Struts2/358/ ) WW-3688 JavaScript URL validator in the FreeMarker template fails many valid URLs mcucchiara : Files : /struts/struts2/trunk/core/src/main/resources/template/xhtml/form-close-validate.ftl

          People

          • Assignee:
            Maurizio Cucchiara
            Reporter:
            Brett Porter
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development