fabian-hiller / valibot

The modular and type safe schema library for validating structural data 🤖
https://valibot.dev
MIT License
6.32k stars 204 forks

improvement: add domain name validation #894

Open neyzth opened 4 weeks ago

neyzth commented 4 weeks ago

Hello, as an IT guy I sometimes have to work with domain names, not URLs. Something to check if inputs like:

corebackbone.par.franceix.net

or

vl223.par-itx5-dist-2.cdn77.com

have a valid domain name syntax.

Is it possible to add an action for validating this kind of input, please?

fabian-hiller commented 4 weeks ago

Yes, we can add a domain action. Is there any regex you would recommend? Would you be interested in creating a PR?

neyzth commented 4 weeks ago

Hi, this kind of regex, I guess:

^((?!-)[A-Za-z0-9-]{1,63}(?<!-).)+[A-Za-z]{2,}$

fabian-hiller commented 3 weeks ago

Are you interested in creating a PR that implements the action and adds tests? This action is very similar to other actions like email or decimal. You could just copy one of them and use it as a template.

JacKyDev commented 3 weeks ago

If the questioner doesn’t want to, I’d do it. However, I’d only be able to manage it next week.

I wanted to dive deeper into the valibot code anyway. But only if you agree, as the questioner hasn’t responded yet.

paksa92 commented 2 weeks ago

I implemented it: #907

fabian-hiller commented 2 weeks ago

I am focusing on our v1 release at the moment. In the meantime, I recommend using the regex with our regex action as a workaround.

JacKyDev commented 2 weeks ago

@fabian-hiller: A quick general question about PRs since I’m looking at one right now. Should the .mdx files for the website, like menu.md and properties.ts, also be updated? Otherwise, it would mean the features are there but not visible anywhere (like in the docs).

fabian-hiller commented 2 weeks ago

Yes, but I can also take care of the details because I know it can be hard to understand all the connections.

tats-u commented 1 week ago

https://makenowjust-labs.github.io/recheck/playground/

/^((?!-)[A-Za-z0-9-]{1,63}(?<!-).)+[A-Za-z]{2,}$/.test('0' + '0-'.repeat(30) + '\x00')

took about 10s to yield false. The attack string's length is just 62.

paksa92 commented 1 week ago

@tats-u we agreed on this final regex pattern: /^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$/iu in #907.

Which is safe according to the tool you provided:

[image]

tats-u commented 1 week ago

I see. That's good news. We don't have to care about ReDoS now.
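
A backtracking-free version of the check discussed in this thread, as an added example that is not part of the thread, valibot, or #907: it walks the input label by label and compares its verdicts with the pattern quoted above on sample inputs. The names `isDomainName`, `isValidLabel` and `compareOnSamples` are hypothetical; the check is ASCII-only and applies the hyphen rule to every label.

```javascript
// Added example: hypothetical helper names, not valibot's API or the code from #907.
// Pattern agreed in the thread, copied here only to compare results.
const DOMAIN_REGEX = /^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$/iu;

const HYPHEN = 45;
const isLetter = (c) => (c >= 65 && c <= 90) || (c >= 97 && c <= 122);
const isDigit = (c) => c >= 48 && c <= 57;

// One pass over a label: 1-63 ASCII letters, digits or hyphens, no hyphen at either end.
function isValidLabel(label) {
  if (label.length < 1 || label.length > 63) return false;
  if (label.charCodeAt(0) === HYPHEN || label.charCodeAt(label.length - 1) === HYPHEN) return false;
  for (let i = 0; i < label.length; i++) {
    const c = label.charCodeAt(i);
    if (!isLetter(c) && !isDigit(c) && c !== HYPHEN) return false;
  }
  return true;
}

// Work is bounded by the 253-character cap; each character is visited a fixed number of times.
function isDomainName(input) {
  if (typeof input !== 'string' || input.length < 1 || input.length > 253) return false;
  const labels = input.split('.');
  if (labels.length < 2) return false; // need at least one label plus a top-level label
  const tld = labels.pop();
  if (tld.length < 2 || tld.length > 63) return false;
  for (let i = 0; i < tld.length; i++) {
    if (!isLetter(tld.charCodeAt(i))) return false; // top-level label is letters only
  }
  return labels.every(isValidLabel);
}

// The two hostnames and the 62-character string are from the thread; the rest are constructed.
const SAMPLES = [
  'corebackbone.par.franceix.net',
  'vl223.par-itx5-dist-2.cdn77.com',
  '0' + '0-'.repeat(30) + '\x00',
  '-a.com', 'a-.com', 'a..com', 'localhost', 'example.c', 'example.123',
  'x'.repeat(64) + '.com',
  Array(64).fill('abc').join('.') + '.com', // 259 characters, over the cap
];

// Returns one row per sample so the two checks can be compared side by side.
function compareOnSamples() {
  return SAMPLES.map((s) => ({ input: s, loop: isDomainName(s), regex: DOMAIN_REGEX.test(s) }));
}

console.table(compareOnSamples());
```
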