commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (VALIDATOR-396) Check missing if unwise characters (backslash etc., see rfc2396) are used
Date Sat, 04 Feb 2017 15:21:51 GMT

     [ https://issues.apache.org/jira/browse/VALIDATOR-396?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sebb resolved VALIDATOR-396.
----------------------------
    Resolution: Not A Bug

This is not a bug, because such characters are allowed and will be handled by well-behaved
applications.

If additional validation is required to suit individual broken apps then this will have to
be provided by the user as required for the particular application.
(Or better, the app should be fixed).

If Validator were to start rejecting unwise characters then it is may break valid apps.

> Check missing if unwise characters (backslash etc., see rfc2396) are used
> -------------------------------------------------------------------------
>
>                 Key: VALIDATOR-396
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-396
>             Project: Commons Validator
>          Issue Type: Bug
>          Components: Routines
>    Affects Versions: 1.5.0
>         Environment: all
>            Reporter: dr0i
>              Labels: easyfix
>   Original Estimate: 0.5h
>  Remaining Estimate: 0.5h
>
> From the rfc2396:
> "
>    Other characters are excluded because gateways and other transport
>    agents are known to sometimes modify such characters, or they are
>    used as delimiters.
>    unwise      = "{" | "}" | "|" | "\" | "^" | "[" | "]" | "`"
>    Data corresponding to excluded characters must be escaped in order to
>    be properly represented within a URI.
> "
> The URLValidator doesn't check if an "unwise" character is used as unescaped char and
subsequently reports a URL as valid if it has an unwise character in it. There are some applications
out there which break eating such a URL.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message