Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#7433 closed (invalid)

URL not recognized as valid in URLField

Reported by: badbuay@…
Owned by: nobody
Component: Forms
Version: master
Severity:
Keywords: URLField
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Change History (5)

comment:1 Changed 7 years ago by edgarsj

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to invalid
  • Status changed from new to closed

I don't think this URL is valid.

From http://www.ietf.org/rfc/rfc1738.txt
...
3.3. HTTP
...
An HTTP URL takes the form:

http://<host>:<port>/<path>?<searchpart>

...
Within the <path> and <searchpart> components, "/", ";", "?" are
reserved. The "/" character may be used within HTTP to designate a
hierarchical structure.

comment:2 Changed 7 years ago by badbuay@…

  • Resolution invalid deleted
  • Status changed from closed to reopened

The URL is valid and works; it's passing parameters to a script to redirect to other web

comment:3 Changed 7 years ago by edgarsj

  • Resolution set to invalid
  • Status changed from reopened to closed

Clearly by the RFC I linked it is not valid as it contains forbidden characters '/' and '?' in the searchpart. How do you define valid?

Do you suggest that Django should ignore standards?

If you want to reopen this ticket again, please state by which standards the URL is valid.

If you want to ignore IETF standards, then you can easily implement your own URLField which would work according to your own standards.

comment:4 Changed 7 years ago by programmerq

I believe that the correct way is to escape the characters that aren't permitted in the search part.

Instead of http://example.com/q?next=http://example.com/2?q=blah
It would be: http://example.com/q?next=http&#58;&#47;&#47;example.com&#47;&#63;q=blah

I could be wrong, but it would be interesting to see if the current URL field validates an html-escaped URL. ::shrug::

comment:5 in reply to: ↑ description Changed 7 years ago by telenieko

Replying to badbuay@gmail.com:

Hi.
This valid URL: http://clk.tradedoubler.com/click?p=1111&a=1111111&g=111111&url=http://adfarm.mediaplex.com/ad/ck/2404-54910-11728-1?!mpro=http://lt.dell.com/lt/lt.aspx?CID=5212&LID=122756&DGC=AF&DGSegHS&ACD=^^&AID=¤¤&DURL=http%253A//www1.euro.dell.com/content/products/category.aspx/notebooks%253Fc%253Des%2526cs%253Desdhs1%2526l%253Des%2526s%253Ddhs

Had been rejected by URLField as No Valid.

Sure it's invalid. The reserved characters pointed out by edgarsj must be escaped, like:

http:// == http%3A

and so on, you can play with urllib.quote() to see this.

The fact that you can type this url in a browser and see it working doesn't mean it's valid:

  • The browser may be encoding the URL on its own, i.e. if you place spaces in a URL in Firefox it will change them for %20.
  • The server may be accepting such URLs; although invalid they can be parsed, but shouldn't be.

Also note that for a lazy programmer it's easier to simply read the "url" parameter from GET than to decode it.
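An added example, not part of the ticket or of Django's code: in Python 3 (where `urllib.quote()` is `urllib.parse.quote()`), it shows what a receiving redirect script parses when a nested URL is passed with and without escaping, and checks the query for the RFC 1738 reserved characters quoted in comment 1. The example.com URLs and all function names are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Constructed sample: an inner URL that carries its own query string.
INNER = "http://example.com/2?q=blah&lang=es"
OUTER_BASE = "http://example.com/q"

# Characters RFC 1738 section 3.3 reserves inside <path> and <searchpart>.
RESERVED = "/;?"


def build_unescaped(inner):
    """Naive concatenation, the shape of the URL rejected in the ticket."""
    return OUTER_BASE + "?next=" + inner


def build_escaped(inner):
    """Percent-encode the inner URL so it is one opaque query value."""
    return OUTER_BASE + "?" + urlencode({"next": inner})


def escape_value(inner):
    """quote() keeps '/' by default; safe='' escapes it as well."""
    return quote(inner, safe="")


def read_params(url):
    """What the receiving script sees after parsing the query string."""
    return parse_qs(urlsplit(url).query)


def reserved_in_query(url):
    """Reserved characters that appear literally in the search part."""
    query = urlsplit(url).query
    return {c for c in RESERVED if c in query}


if __name__ == "__main__":
    for label, url in (("unescaped", build_unescaped(INNER)),
                       ("escaped", build_escaped(INNER))):
        print(label, url)
        print("  reserved chars in query:", sorted(reserved_in_query(url)))
        print("  parsed parameters:", read_params(url))
```

In the unescaped form the inner `lang` parameter is parsed as a parameter of the outer URL and the `next` value is truncated, so the redirect target the script reads is not the one the link author intended.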
