vidyuthd / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

Error with URL RegEx #210

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
There is a bug in the Validator URL RegEx

Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&%\\$#_]*)?$

I guess this should be "(:(0-9){1,5})?" and not "(:(0-9)*)*" since
you don't want URLs with multiple ports, do you? ;-)

Original issue reported on code.google.com by manico.james@gmail.com on 17 Feb 2011 at 3:18

GoogleCodeExporter commented 9 years ago
Even with that new validation, it is possible to create a URL like the following
and have it validated:

http://www.something.com:80808080/text

The reason is that when the match on the : with the numbers fails, it
continues to the next part, where : and numbers are allowed.

Original comment by cybermanuel@gmail.com on 3 May 2011 at 12:36
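
An added example (not part of the original issue or the ESAPI code base) that runs the URL from the comment above through the quoted pattern, the suggested port group, and a tightened variant that requires the path to start with `/` and range-checks the port. `UrlPortCheck`, `STRICT` and `strictAccepts` are hypothetical names, the suggested group is read as `[0-9]` (an assumption about intent), and every sample except the commenter's URL is constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class UrlPortCheck {
    // Scheme/host part and path character class copied from the page's Validator.URL value.
    static final String HOST = "^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*";
    static final String PATH = "[a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&%\\$#_]*";

    // Pattern as quoted in the issue.
    static final Pattern ORIGINAL =
        Pattern.compile(HOST + "(:(0-9)*)*(\\/?)(" + PATH + ")?$");
    // Suggested port group, read with a character class [0-9] (assumption about intent;
    // a parenthesised (0-9) is a group that matches the literal text "0-9").
    static final Pattern PROPOSED =
        Pattern.compile(HOST + "(:[0-9]{1,5})?(\\/?)(" + PATH + ")?$");
    // Hypothetical tightening: whatever follows host[:port] must begin with '/',
    // so the path class (which contains ':' and digits) cannot absorb a bad port.
    static final Pattern STRICT =
        Pattern.compile(HOST + "(?::(?<port>[0-9]{1,5}))?(\\/" + PATH + ")?$");

    // Regex match plus a numeric range check, since {1,5} alone still allows 99999.
    static boolean strictAccepts(String url) {
        Matcher m = STRICT.matcher(url);
        if (!m.matches()) return false;
        String port = m.group("port");
        if (port == null) return true;
        int p = Integer.parseInt(port);
        return p >= 1 && p <= 65535;
    }

    public static void main(String[] args) {
        String[] samples = {
            "http://www.something.com:80808080/text",  // URL from the comment
            "http://www.something.com:8080:8080/text", // constructed: two ports
            "http://www.something.com:99999/text",     // constructed: out of range
            "https://www.something.com:8443/text",     // constructed: valid port
            "http://www.something.com/text"            // constructed: no port
        };
        for (String s : samples) {
            System.out.printf("%-42s original=%b proposed=%b strict=%b%n", s,
                ORIGINAL.matcher(s).matches(),
                PROPOSED.matcher(s).matches(),
                strictAccepts(s));
        }
    }
}
```

The tightened variant also rejects a query string placed directly after the host with no `/`, which the quoted pattern accepts.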

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 29 May 2012 at 3:21