search

pallets-eco / wtforms

A flexible forms validation and rendering library for Python.
https://wtforms.readthedocs.io
BSD 3-Clause "New" or "Revised" License
1.51k stars 395 forks source link

URL validator has incorrect regexp range for scheme #841

Open maspling opened 6 months ago

maspling commented 6 months ago

The URL validator supports a scheme, at 3.1.2 the validator regex support ^[a-z]+:// while according to RFC 1738 (https://datatracker.ietf.org/doc/html/rfc1738#section-2.1) :

Scheme names consist of a sequence of characters. The lower case
   letters "a"--"z", digits, and the characters plus ("+"), period
   ("."), and hyphen ("-") are allowed.

This might break the flow of apps where you would be redirected to a url with a custom scheme causing an app to trigger, such as oauth client registrations. (https://datatracker.ietf.org/doc/html/rfc8252#section-7.1 as an example)

Actual Behavior


import wtforms
from wtforms.validators import URL

class F(wtforms.Form):
    foo = wtforms.StringField(
        validators=[URL(require_tld=False)]
    )

result = F(foo="com.example.app://callback").validate()
print(result)
> False

### Expected Behavior

```python

import wtforms
from wtforms.validators import URL

class F(wtforms.Form):
    foo = wtforms.StringField(
        validators=[URL(require_tld=False)]
    )

result = F(foo="com.example.app://callback").validate()
print(result)
> True

Environment

azmeuk commented 1 week ago

Might be fixed by #847