Thursday, June 21, 2018

Invalid URLs passing validation by URLValidator

Hi,

I've come across some strings which I think aren't valid URLs that nevertheless pass validation by django.core.validators.URLValidator in Django 2.0.6 and 1.11.13. I know URL validation is very tricky, but these seemed to me that they should obviously fail.

http://#FOO#/bar@example.com

I believe that this is passing validation because "#FOO#/bar" is being treated as a username, with "example.com" as the hostname. However, "#FOO#/bar" shouldn't be valid as a username because the "#" and "/" characters aren't percent-encoded.

http://FOO/bar@example.com

Similarly, I think this passes validation not because "FOO" is being treated as a valid hostname, but because "FOO/bar" is considered a username, even though "/" isn't percent-encoded.

Should this be considered a bug? (Sure, it's pretty obscure, but this has actually come up in my particular use case.)

Thanks,

Tim Bell
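The mismatch described in the message can be reproduced without Django. The following is an added example, not code from the original post or from Django: `PERMISSIVE_RE` is a simplified stand-in (an assumption) for a validator that accepts any non-space run before "@" as userinfo, and its result is compared with how RFC 3986 delimits the authority, using the two URLs from the message plus a constructed control.

```python
import re
from urllib.parse import urlsplit

# RFC 3986 sec. 3.2.1: userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
USERINFO_RE = re.compile(r"(?:[A-Za-z0-9\-._~!$&'()*+,;=:]|%[0-9A-Fa-f]{2})*\Z")

# Assumption: simplified stand-in for a permissive validator (not Django's regex).
# Any run of non-space characters before "@" is accepted as userinfo.
PERMISSIVE_RE = re.compile(
    r"^[a-z][a-z0-9+.\-]*://(?:(?P<userinfo>\S+)@)?"
    r"(?P<host>[A-Za-z0-9.\-]+)(?::\d+)?(?:[/?#]\S*)?\Z"
)

def rfc_components(url):
    """(userinfo, host) as RFC 3986 delimits them: authority ends at /, ? or #."""
    parts = urlsplit(url)
    userinfo, at, _ = parts.netloc.rpartition("@")
    return (userinfo if at else None), parts.hostname

def check(url):
    """Compare what the permissive pattern accepts with the RFC 3986 split."""
    m = PERMISSIVE_RE.match(url)
    loose = (m.group("userinfo"), m.group("host")) if m else None
    strict = rfc_components(url)
    return {
        "permissive": loose,   # (userinfo, host) the loose pattern believes in
        "rfc": strict,         # (userinfo, host) a conforming parser sees
        # Is the userinfo accepted by the loose pattern legal per the RFC grammar?
        "userinfo_ok": loose is None or loose[0] is None
                       or bool(USERINFO_RE.match(loose[0])),
        "agree": loose == strict,
    }

# The first two URLs are from the message; the third is a constructed control.
SAMPLES = [
    "http://#FOO#/bar@example.com",
    "http://FOO/bar@example.com",
    "http://user:pw@example.com/path",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, check(url))
```

Rejecting any URL where `userinfo_ok` is false, or where the two views disagree on the host, closes the gap between what the validator accepts and what a URL parser will later act on.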
