http://codereview.appspot.com/1875044/diff/2001/3005
File features/src/main/javascript/features/shindig.uri/uri.js (right):

http://codereview.appspot.com/1875044/diff/2001/3005#newcode60
features/src/main/javascript/features/shindig.uri/uri.js:60: function parseFrom(url) {
On 2010/07/21 06:41:44, jasvir wrote:
I don't think parsing from the end rather than from the beginning works
correctly for URLs.  http://www.google.com/search?hl=en&q=:// for example
will be misparsed by this code I suspect.

At the risk of quoting RFCs, RFC 3986 gives a handy regular expression for
splitting a URL.

       ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?
        12            3  4          5       6  7        8 9

       scheme    = $2
       authority = $4
       path      = $5
       query     = $7
       fragment  = $9

Note this regex allows the authority to be things like //host.com:daytime
(where the port is a named port rather than a number) and
//host.com:evil.com (which some browsers like FF3.5 and Opera will accept to
mean //host.com).  If you want to defend against that, I'd recommend
splitting the authority into host and port and ensuring that the port is a
number.


Nice find jasvir.

http://codereview.appspot.com/1875044/show
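
Added example, not part of the review thread and not Shindig's uri.js: the RFC 3986 split quoted above, followed by the host/port check the comment recommends. The function names, the from-the-end helper, the 0..65535 port bound and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example; not Shindig's uri.js. Function names are hypothetical.

// RFC 3986 Appendix B regex, as quoted in the review comment.
const RFC3986_SPLIT =
  /^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?/;

function splitUri(url) {
  // Every group is optional, so exec() always returns a match.
  const m = RFC3986_SPLIT.exec(url);
  return { scheme: m[2], authority: m[4], path: m[5], query: m[7], fragment: m[9] };
}

// Split an authority into userinfo, host and port.
// Returns null when a port is present but is not a decimal number in 0..65535.
function splitAuthority(authority) {
  if (authority === undefined) return null;
  const at = authority.lastIndexOf('@');
  const userinfo = at < 0 ? null : authority.slice(0, at);
  const hostport = authority.slice(at + 1);
  // Host is a bracketed IP literal, or everything before the first ':'.
  const m = /^(\[[^\]]*\]|[^:]*)(?::(.*))?$/.exec(hostport);
  if (!m) return null;
  const portText = m[2];
  if (portText === undefined || portText === '') {
    return { userinfo, host: m[1], port: null };
  }
  if (!/^[0-9]+$/.test(portText) || Number(portText) > 65535) return null;
  return { userinfo, host: m[1], port: Number(portText) };
}

// Constructed contrast: a scheme split that searches from the end of the
// string, to show the misparse the review comment warns about.
function schemeFromEnd(url) {
  const i = url.lastIndexOf('://');
  return i < 0 ? undefined : url.slice(0, i);
}

// Constructed sample inputs, taken from the cases named in the comment.
const SAMPLES = [
  'http://www.google.com/search?hl=en&q=://',
  'http://host.com:8080/x',
  'http://host.com:daytime/',
  'http://host.com:evil.com/',
];

for (const url of SAMPLES) {
  const parts = splitUri(url);
  console.log(url, parts.scheme, splitAuthority(parts.authority), schemeFromEnd(url));
}
```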
