Opened 3 years ago

Closed 3 years ago

#26418 closed Bug (wontfix)

models.URLField does not validate with an rtmp:// url

Reported by: yeah Owned by: nobody
Component: Core (Other) Version: 1.9
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description (last modified by Tim Graham)

models.URLField does not validate with an rtmp:// url

checking the source, it is validated twice

class URLField(CharField):
    default_validators = [validators.URLValidator()]
    description = _("URL")

And

    def formfield(self, **kwargs):
        # As with CharField, this will cause URL validation to be performed
        # twice.
        defaults = {
            'form_class': forms.URLField,
        }

in django.core.validators.UrlValidator we find at least one of the culprits:

    schemes = ['http', 'https', 'ftp', 'ftps']

RFC 3986 (I believe retained for RFC7320) defines scheme:

3.1. Scheme

Each URI begins with a scheme name that refers to a specification for
assigning identifiers within that scheme. As such, the URI syntax is
a federated and extensible naming system wherein each scheme's
specification may further restrict the syntax and semantics of
identifiers using that scheme.

Scheme names consist of a sequence of characters beginning with a
letter and followed by any combination of letters, digits, plus
("+"), period ("."), or hyphen ("-"). Although schemes are case-
insensitive, the canonical form is lowercase and documents that
specify schemes must do so with lowercase letters. An implementation
should accept uppercase letters as equivalent to lowercase in scheme
names (e.g., allow "HTTP" as well as "http") for the sake of
robustness but should only produce lowercase scheme names for
consistency.

scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )

Change History (4)

comment:1 Changed 3 years ago by Tim Graham

Description: modified (diff)

It's not entirely clear what your proposal is, however, changing the default list of accepted schemes would be backwards-incompatible as described in #25593.

I believe solving #25594 would ease customizing the list of schemes and address the concern of this ticket.

comment:2 Changed 3 years ago by yeah

Having a list of schemes will always be problematic,

How about a models.URIField that matches the pattern specified in the rfc for the scheme?

That maintains the backwards compatibility for models.URLField, and avoids a messy work around.


comment:3 Changed 3 years ago by Claude Paroz

It might make sense to provide some special value for scheme, like __all__, to allow for all possible schemes (in the same spirit as the ModelForm.fields/.exclude variables).

comment:4 Changed 3 years ago by Tim Graham

Resolution: wontfix
Status: newclosed

You could propose URIField on the DevelopersMailingList. I'm not aware of any previous proposals about it. We can open a new ticket if the idea is accepted.

I created #26424 for Claude's idea of allowing URLValidator to skip the schemes validation.

Note: See TracTickets for help on using tickets.
Back to Top