Opened 5 years ago

Last modified 2 years ago

#18487 new defect

dojox.validate.regexp.host expression too permissive

Reported by: mrkamath Owned by: Adam Peller
Priority: undecided Milestone: 1.14
Component: Dojox Version: 1.9.3
Keywords: Cc:
Blocked By: Blocking:

Description

I found a couple problems with this line in the host function:

if(flags.allowNamed){ hostNameRE += "|^[^-][a-zA-Z0-9_-]*"; }

First, it expects it to be at the start of the line. But typing a URL with http:// at the beginning means the host section will not be at the beginning of the line.

Second, [^-] means ANY character other than dash. It should be ANY letter or number. It allows you to start a hostname with an ampersand or paren or @ sign. That isn't right.

There might be a better way to do it but I implemented my fix using this:

if(flags.allowNamed){ hostNameRE += "|[a-zA-Z0-9]+?[a-zA-Z0-9_-]*"; }

It means 1 letter or number followed by any number of letters, numbers, underscores or dashes. It still isn't perfect because hostnames can't end with a dash either but it is an improvement.
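Both problems from the description can be reproduced side by side. This is an added example, not Dojo's code or the reporter's: the `STRICT` pattern, the `https?://` wrapper and the sample host names are assumptions made for illustration, and each fragment is tested in isolation rather than through Dojo's full expression.

```javascript
// Named-host alternatives from the ticket, without the leading "|".
const ORIGINAL = "^[^-][a-zA-Z0-9_-]*";          // fragment quoted in the ticket
const PROPOSED = "[a-zA-Z0-9]+?[a-zA-Z0-9_-]*";  // reporter's replacement
// Hypothetical stricter variant (not in the ticket): also rejects a trailing dash.
const STRICT = "[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?";

// Whole-string match of a bare host name against one fragment.
function matchesHost(fragment, host) {
  return new RegExp("^(?:" + fragment + ")$").test(host);
}

// Assumed minimal URL wrapper (not Dojo's url() expression): scheme, then host.
// Without the multiline flag, a "^" in the middle of a pattern can never match.
function matchesUrl(fragment, url) {
  return new RegExp("^https?://(?:" + fragment + ")$").test(url);
}

// Constructed sample inputs.
const SAMPLES = ["intranet", "build-01", "@intranet", "(intranet",
                 "&intranet", "-intranet", "intranet-"];

// One row per sample: which fragment accepts it, bare and behind a scheme.
function report() {
  return SAMPLES.map((host) => ({
    host,
    original: matchesHost(ORIGINAL, host),
    proposed: matchesHost(PROPOSED, host),
    strict: matchesHost(STRICT, host),
    originalInUrl: matchesUrl(ORIGINAL, "http://" + host),
    proposedInUrl: matchesUrl(PROPOSED, "http://" + host),
  }));
}

console.table(report());
```

The `original` column accepts `@intranet`, `(intranet` and `&intranet`, while `originalInUrl` is false for every row because of the embedded `^`.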

Change History (2)

comment:1 Changed 4 years ago by dylan

Milestone: tbd → 1.12

comment:2 Changed 2 years ago by dylan

Milestone: 1.13 → 1.14