Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#7433 closed (invalid)

Url not recognize as valid in URLField

Reported by: badbuay@… Owned by: nobody
Component: Forms Version: master
Severity: Keywords: URLField
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Change History (5)

comment:1 Changed 11 years ago by edgarsj

Resolution: invalid
Status: newclosed

I don't think this URL is valid.

3.3. HTTP
An HTTP URL takes the form:


Within the <path> and <searchpart> components, "/", ";", "?" are

reserved. The "/" character may be used within HTTP to designate a
hierarchical structure.

comment:2 Changed 11 years ago by badbuay@…

Resolution: invalid
Status: closedreopened

The URL is valid and works it's passing parameters to a script to redirect to other web

comment:3 Changed 11 years ago by edgarsj

Resolution: invalid
Status: reopenedclosed

Clearly by the RFC I linked it is not valid as it contains forbidden characters '/' and '?' in the searchpart. How do you define valid?

Do you suggest that Django should ignore standards?

If you want to reopen this ticket again please state by which standards the url is valid.

If you want to ignore ietf standards then you can easily implement your own URLField which would work according to your own standards.

comment:4 Changed 11 years ago by Jeff Anderson

I believe that the correct way is to escape the characters that aren't permitted in the search part.

Instead of
It would be:;&#47;&#47;;&#63;q=blah

I could be wrong, but it would be interesting to see if the current URL field validates an html-escaped URL. ::shrug::

comment:5 in reply to:  description Changed 11 years ago by Marc Fargas

Replying to

This valid URL:!mpro=^^&AID=¤¤&DURL=http%253A//

Had been rejected by URLField as No Valid.

Sure it's invalid. The reserved caracters pointed by edgarsj must be scaped, like:

http:// == http%3A

and so on, you can play with urllib.quote() to see this.

The fact that you can type this url in a browser and see it working doesn't mean it's valid:

  • The browser maybe encoding the URL on it's own, i.e. if you place spaces in a URL in Firefox it will change them for %20.
  • The server may be accepting such urls, althought invalid they can be parsed, but shouldn't.

Also note that for a lazy programer it's easy to simply read the "url" parameter from GET than decoding it.

Note: See TracTickets for help on using tickets.
Back to Top