#7433 closed (invalid)
Url not recognize as valid in URLField
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Forms | Version: | dev |
Severity: | Keywords: | URLField | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Had been rejected by URLField as No Valid.
Change History (5)
comment:1 by , 17 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
comment:2 by , 17 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
The URL is valid and works it's passing parameters to a script to redirect to other web
comment:3 by , 17 years ago
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
Clearly by the RFC I linked it is not valid as it contains forbidden characters '/' and '?' in the searchpart. How do you define valid?
Do you suggest that Django should ignore standards?
If you want to reopen this ticket again please state by which standards the url is valid.
If you want to ignore ietf standards then you can easily implement your own URLField which would work according to your own standards.
comment:4 by , 17 years ago
I believe that the correct way is to escape the characters that aren't permitted in the search part.
Instead of http://example.com/q?next=http://example.com/2?q=blah
It would be: http://example.com/q?next=http://example.com/?q=blah
I could be wrong, but it would be interesting to see if the current URL field validates an html-escaped URL. ::shrug::
comment:5 by , 17 years ago
Replying to badbuay@gmail.com:
Had been rejected by URLField as No Valid.
Sure it's invalid. The reserved caracters pointed by edgarsj must be scaped, like:
http:// == http%3A
and so on, you can play with urllib.quote() to see this.
The fact that you can type this url in a browser and see it working doesn't mean it's valid:
- The browser maybe encoding the URL on it's own, i.e. if you place spaces in a URL in Firefox it will change them for %20.
- The server may be accepting such urls, althought invalid they can be parsed, but shouldn't.
Also note that for a lazy programer it's easy to simply read the "url" parameter from GET than decoding it.
I don't think this URL is valid.
From http://www.ietf.org/rfc/rfc1738.txt
...
3.3. HTTP
...
An HTTP URL takes the form:
...
Within the <path> and <searchpart> components, "/", ";", "?" are