[ https://issues.apache.org/jira/browse/VALIDATOR-248?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12540633 ]

Ben Speakmon commented on VALIDATOR-248:
----------------------------------------

DomainValidator does support labels with dashes in them: "my-machine", 
"this-domain.org", etc., all work. Those are valid outside of URLs, for example 
in email addresses.

The question is how (or if) a URL with unqualified machine names or invalid 
TLDs should be validated. I can see cases where, as you say, you'd want to 
allow machine names in URLs, but I also think that shouldn't be allowed by 
default since you would expect machine name URLs to not validate in 
security-sensitive contexts such as web form validation.

So right now it works like this in UrlValidator (omitting nonrelevant parts):

if authority doesn't validate in DomainValidator {
    if authority doesn't validate in InetAddressValidator {
        false
    }
}

I'm proposing changing it to this:

if ALLOW_MACHINE_NAMES && authority is in nameslist {
    // "localhost", "my-machine", etc., specified by user will validate here,
    // "blah" will not
    true
} else {
    // as above
}

This makes UrlValidator smart enough to handle machine name cases and also lets 
you do stuff like http://my-machine.rack.colo/app/test, so you can even use 
illegal TLDs if you really want.

DomainValidator, on the other hand, should not be changed. It has a very 
narrowly defined scope: validating IANA-approved TLDs and domain names that use 
them. Since UrlValidator requires functionality above and beyond that, it makes 
sense to put that logic in UrlValidator. Since domain names (as opposed to 
hostnames/authorities in URLs and RFC 2396) are either valid or not, it doesn't 
make sense to allow DomainValidator to loosen its rules.

> Add an option to allow 'localhost' as a valid hostname part in the URL
> ----------------------------------------------------------------------
>
>                 Key: VALIDATOR-248
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-248
>             Project: Commons Validator
>          Issue Type: Improvement
>          Components: Routines
>    Affects Versions: 1.3.1 Release
>            Reporter: Sergey Nebolsin
>            Assignee: Ben Speakmon
>             Fix For: 1.4
>
>         Attachments: commons-validator-allow-localhost-r592416.patch, 
> commons-validator-allow-non-iana-tlds-r592416.patch
>
>
> Working on Grails we've discovered 
> (http://jira.codehaus.org/browse/GRAILS-1692) that commons-validator's 
> UrlValidator rejects URLs like "http://localhost:8080/tau_gwi_00/clif/cb/19". 
> I looked at commons-validator sources and found that any URL which contains 
> 'localhost' as its hostname part will be rejected.
> RFC-2396 (http://www.ietf.org/rfc/rfc2396.txt) accepts 'localhost' as a valid 
> hostname (appendix G.3 paragraph 2 says that explicitly).
> So, it would be good to have an additional option (UrlValidator.ALLOW_LOCALHOST) 
> which will control UrlValidator behavior on localhost URLs.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
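
The control flow proposed in the comment above, as an added Java example (not part of the original message and not Commons Validator code). The class, its constructor, the sample TLD set and the sample names list are hypothetical stand-ins; it matches on the URL's host rather than the full authority and needs Java 9+ for Set.of.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

// Added illustration; not Commons Validator code. All names here are hypothetical.
public class MachineNameUrlCheck {
    // Stand-in for DomainValidator: a tiny constructed TLD set, not the IANA list.
    private static final Set<String> SAMPLE_TLDS = Set.of("org", "com", "net");
    private static final Pattern LABEL =
        Pattern.compile("[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?");
    // Stand-in for InetAddressValidator: dotted-quad IPv4 only.
    private static final String OCTET = "(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    private static final Pattern IPV4 =
        Pattern.compile("(?:" + OCTET + "\\.){3}" + OCTET);

    private final boolean allowMachineNames; // off unless the caller opts in
    private final Set<String> namesList;     // lower-case hosts the caller listed

    public MachineNameUrlCheck(boolean allowMachineNames, Set<String> namesList) {
        this.allowMachineNames = allowMachineNames;
        this.namesList = namesList;
    }

    static boolean isDomain(String host) {
        String[] labels = host.split("\\.", -1);
        if (labels.length < 2) return false; // a bare machine name is not a domain
        for (String label : labels) {
            if (!LABEL.matcher(label).matches()) return false;
        }
        return SAMPLE_TLDS.contains(labels[labels.length - 1].toLowerCase(Locale.ROOT));
    }

    public boolean isValidHost(String url) {
        String host;
        try { host = URI.create(url).getHost(); } // host only, port stripped
        catch (IllegalArgumentException e) { return false; }
        if (host == null) return false;
        // Exact match only: no suffix or substring matching against the list.
        if (allowMachineNames && namesList.contains(host.toLowerCase(Locale.ROOT))) return true;
        return isDomain(host) || IPV4.matcher(host).matches(); // "as above"
    }

    public static void main(String[] args) {
        MachineNameUrlCheck strict = new MachineNameUrlCheck(false, Set.of());
        MachineNameUrlCheck relaxed = new MachineNameUrlCheck(true,
            Set.of("localhost", "my-machine", "my-machine.rack.colo")); // constructed list
        for (String u : new String[] {"http://this-domain.org/", "http://localhost:8080/app",
                "http://my-machine.rack.colo/app/test", "http://blah/"}) {
            System.out.println(u + " strict=" + strict.isValidHost(u)
                + " relaxed=" + relaxed.isValidHost(u));
        }
    }
}
```

With the flag off, only "http://this-domain.org/" passes; with it on, the three listed hosts pass as well and "http://blah/" is still rejected.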
