networknt / json-schema-validator

A fast Java JSON schema validator that supports draft V4, V6, V7, V2019-09 and V2020-12
Apache License 2.0

"http://" should be considered as a valid iri-reference #1070

Closed marob closed 2 weeks ago

marob commented 2 weeks ago

Because of this code, "http://" is considered as an invalid iri-reference.

Indeed, the URI documentation says it follows RFC 2396, and according to that RFC, it requires a non-empty "authority" (if I understand the BNF grammar correctly):

URI-reference = [ absoluteURI | relativeURI ] [ "#" fragment ]
absoluteURI   = scheme ":" ( hier_part | opaque_part )
relativeURI   = ( net_path | abs_path | rel_path ) [ "?" query ]
hier_part     = ( net_path | abs_path ) [ "?" query ]
net_path      = "//" authority [ abs_path ]
authority     = server | reg_name
reg_name      = 1*( unreserved | escaped | "$" | "," |
                           ";" | ":" | "@" | "&" | "=" | "+" )
server        = [ [ userinfo "@" ] hostport ]
userinfo      = *( unreserved | escaped |
                        ";" | ":" | "&" | "=" | "+" | "$" | "," )
hostport      = host [ ":" port ]
host          = hostname | IPv4address
hostname      = *( domainlabel "." ) toplabel [ "." ]

But, according to RFC 3987 that defines iri-reference, "http://" should be considered valid:

IRI-reference  = IRI / irelative-ref
IRI            = scheme ":" ihier-part [ "?" iquery ]
                         [ "#" ifragment ]
ihier-part     = "//" iauthority ipath-abempty
                  / ipath-absolute
                  / ipath-rootless
                  / ipath-empty
iauthority     = [ iuserinfo "@" ] ihost [ ":" port ]
ihost          = IP-literal / IPv4address / ireg-name
ireg-name      = *( iunreserved / pct-encoded / sub-delims )

The difference is that ireg-name has a *(...), which allows it to be empty, while reg_name has a 1*(...).

justin-tay commented 2 weeks ago

Thanks for the bug report. You are correct that "http://" is a valid iri reference.
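
To see which inputs are affected by the parser difference discussed in this issue, the following added example (not code from the issue thread or from json-schema-validator) runs constructed sample strings through `java.net.URI` and flags those whose authority is empty according to the component-splitting regex in RFC 3986, Appendix B. It assumes the validator's check is backed by `java.net.URI`, as the issue's reference to the URI documentation suggests; the class and method names are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical demo class, not part of json-schema-validator.
public class EmptyAuthorityCheck {
    // Component-splitting regex from RFC 3986, Appendix B.
    // Group 3 is "//authority" (null when absent); group 4 is the authority itself.
    private static final Pattern PARTS = Pattern.compile(
            "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?");

    /** Returns null if java.net.URI parses the input, otherwise the parser's reason. */
    static String javaUriError(String s) {
        try {
            new URI(s);
            return null;
        } catch (URISyntaxException e) {
            return e.getReason();
        }
    }

    /** True when "//" is present and the authority that follows it is empty. */
    static boolean hasEmptyAuthority(String s) {
        Matcher m = PARTS.matcher(s);
        return m.matches() && m.group(3) != null && m.group(4).isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: empty authority alone, then followed by
        // a path or a query, then a normal authority, then a relative reference.
        String[] samples = {
            "http://", "http:///path", "http://?q=1", "http://example.com", "//"
        };
        for (String s : samples) {
            String err = javaUriError(s);
            System.out.printf("%-20s emptyAuthority=%-5b java.net.URI=%s%n",
                    s, hasEmptyAuthority(s),
                    err == null ? "accepted" : "rejected (" + err + ")");
        }
    }
}
```

Comparing the two columns shows where a format check built on `java.net.URI` disagrees with the RFC 3987 grammar quoted above, which is the kind of case worth pinning down in a regression test.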