6:02 a.m.
URL Validator not effective
---------------------------
Key: HV-406
URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-406
Project: Hibernate Validator
Issue Type: Bug
Affects Versions: 4.1.0.Final
Reporter: Marc Schipperheyn
Assignee: Hardy Ferentschik
Priority: Minor
The supplied URL Validator basically doesn't work. Or at least not as expected.
It creates a URL against the URL class and if it fails this, it returns false. There are
multiple problems with this:
* A URL like http://bljdlfghjdlgjlfd is perfectly valid according to the URL class
(intranet domains can be anything)
* It's not the most efficient way to test this (generating an error etc)
In order to retain backward compatibility I would suggest adding an "internet"
attribute, which would force the validator to really check for minimally one dot, maximum
3 characters in the domain extension, etc. Because that is what you would normally want
from a validator like this.
Also, I would not use the URL class, but use a regular expression. A more elegant way to
check this.
The URL class approach could be retained for when the "internet" attribute is
false
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
7:21 a.m.
New subject: [Hibernate-JIRA] Updated: (HV-406) URL Validator not effective
[
http://opensource.atlassian.com/projects/hibernate/browse/HV-406?page=com...
]
Hardy Ferentschik updated HV-406:
---------------------------------
Fix Version/s: 4.x
URL Validator not effective
---------------------------
Key: HV-406
URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-406
Project: Hibernate Validator
Issue Type: Bug
Affects Versions: 4.1.0.Final
Reporter: Marc Schipperheyn
Assignee: Hardy Ferentschik
Priority: Minor
Fix For: 4.x
The supplied URL Validator basically doesn't work. Or at least not as expected.
It creates a URL against the URL class and if it fails this, it returns false. There are
multiple problems with this:
* A URL like http://bljdlfghjdlgjlfd is perfectly valid according to the URL class
(intranet domains can be anything)
* It's not the most efficient way to test this (generating an error etc)
In order to retain backward compatibility I would suggest adding an "internet"
attribute, which would force the validator to really check for minimally one dot, maximum
3 characters in the domain extension, etc. Because that is what you would normally want
from a validator like this.
Also, I would not use the URL class, but use a regular expression. A more elegant way to
check this.
The URL class approach could be retained for when the "internet" attribute is
false
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
7:35 a.m.
New subject: [Hibernate-JIRA] Updated: (HV-406) URL Validator not effective
[
http://opensource.atlassian.com/projects/hibernate/browse/HV-406?page=com...
]
Hardy Ferentschik updated HV-406:
---------------------------------
Component/s: validators
URL Validator not effective
---------------------------
Key: HV-406
URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-406
Project: Hibernate Validator
Issue Type: Bug
Components: validators
Affects Versions: 4.1.0.Final
Reporter: Marc Schipperheyn
Assignee: Hardy Ferentschik
Priority: Minor
Fix For: 4.x
The supplied URL Validator basically doesn't work. Or at least not as expected.
It creates a URL against the URL class and if it fails this, it returns false. There are
multiple problems with this:
* A URL like http://bljdlfghjdlgjlfd is perfectly valid according to the URL class
(intranet domains can be anything)
* It's not the most efficient way to test this (generating an error etc)
In order to retain backward compatibility I would suggest adding an "internet"
attribute, which would force the validator to really check for minimally one dot, maximum
3 characters in the domain extension, etc. Because that is what you would normally want
from a validator like this.
Also, I would not use the URL class, but use a regular expression. A more elegant way to
check this.
The URL class approach could be retained for when the "internet" attribute is
false
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
1:46 p.m.
New subject: [Hibernate-JIRA] Updated: (HV-406) URL Validator not effective
[
http://opensource.atlassian.com/projects/hibernate/browse/HV-406?page=com...
]
Hardy Ferentschik updated HV-406:
---------------------------------
Fix Version/s: (was: 4.x)
4.2.0.CR1
URL Validator not effective
---------------------------
Key: HV-406
URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-406
Project: Hibernate Validator
Issue Type: Bug
Components: validators
Affects Versions: 4.1.0.Final
Reporter: Marc Schipperheyn
Priority: Minor
Fix For: 4.2.0.CR1
The supplied URL Validator basically doesn't work. Or at least not as expected.
It creates a URL against the URL class and if it fails this, it returns false. There are
multiple problems with this:
* A URL like http://bljdlfghjdlgjlfd is perfectly valid according to the URL class
(intranet domains can be anything)
* It's not the most efficient way to test this (generating an error etc)
In order to retain backward compatibility I would suggest adding an "internet"
attribute, which would force the validator to really check for minimally one dot, maximum
3 characters in the domain extension, etc. Because that is what you would normally want
from a validator like this.
Also, I would not use the URL class, but use a regular expression. A more elegant way to
check this.
The URL class approach could be retained for when the "internet" attribute is
false
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:49 a.m.
New subject: [Hibernate-JIRA] Commented: (HV-406) URL Validator not effective
[
http://opensource.atlassian.com/projects/hibernate/browse/HV-406?page=com...
]
Hardy Ferentschik commented on HV-406:
--------------------------------------
I don't think that using the {{URL}} class is bad. The problem with regular
expressions is that it is hard to determine where to start and stop. If we add a regexp
checking for at least one dot and a maximum of 3 characters domain extension another user
will create a new Jira about adding additional tests and so on. In the end you end up with
a regular expression which complies with the spec, but it completely unwieldy.
That said, I could imagine adding an optional regexp attribute to the existing constraint
implementations. If specified an additional check against the regexp will be executed. It
is up to the user what he wants to check in the pattern, eg a fixed domain name and/or the
length of the domain extension.
URL Validator not effective
---------------------------
Key: HV-406
URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-406
Project: Hibernate Validator
Issue Type: Bug
Components: validators
Affects Versions: 4.1.0.Final
Reporter: Marc Schipperheyn
Priority: Minor
Fix For: 4.2.0.CR1
The supplied URL Validator basically doesn't work. Or at least not as expected.
It creates a URL against the URL class and if it fails this, it returns false. There are
multiple problems with this:
* A URL like http://bljdlfghjdlgjlfd is perfectly valid according to the URL class
(intranet domains can be anything)
* It's not the most efficient way to test this (generating an error etc)
In order to retain backward compatibility I would suggest adding an "internet"
attribute, which would force the validator to really check for minimally one dot, maximum
3 characters in the domain extension, etc. Because that is what you would normally want
from a validator like this.
Also, I would not use the URL class, but use a regular expression. A more elegant way to
check this.
The URL class approach could be retained for when the "internet" attribute is
false
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:11 p.m.
New subject: [Hibernate-JIRA] Commented: (HV-406) URL Validator not effective
[
http://opensource.atlassian.com/projects/hibernate/browse/HV-406?page=com...
]
Gunnar Morling commented on HV-406:
-----------------------------------
I think this is similar to @Email - from a specification point of view much more values
are valid than one typically finds in the wild.
Restricting @URL values to "real" internet addresses seems a bit too strict IMO,
though. For instance "http://localhost" as an URL value seems not that uncommon,
so this should not be considered as invalid by HV (btw. the domain part can be longer than
three characters: *.info, *.name or even *.museum).
Generally I think the requirements for validating URLs just depend too much on the context
of the use case at hand, so it's really hard to provide a generic solution for this.
For instance according to [WP|http://en.wikipedia.org/wiki/Uniform_Resource_Locator] URLs
also could contain parts such a username or a password:
http://username:password@domain:port/ In one use case this might be valid, in others not.
Personally I feel we should stick with using java.net.URL for validation as this ensures
correctness according to what Java can process technically as URL. If in a certain
scenario a more restrictive validation is needed, using @Pattern in addition to @URL might
help.
URL Validator not effective
---------------------------
Key: HV-406
URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-406
Project: Hibernate Validator
Issue Type: Bug
Components: validators
Affects Versions: 4.1.0.Final
Reporter: Marc Schipperheyn
Priority: Minor
Fix For: 4.2.0.CR1
The supplied URL Validator basically doesn't work. Or at least not as expected.
It creates a URL against the URL class and if it fails this, it returns false. There are
multiple problems with this:
* A URL like http://bljdlfghjdlgjlfd is perfectly valid according to the URL class
(intranet domains can be anything)
* It's not the most efficient way to test this (generating an error etc)
In order to retain backward compatibility I would suggest adding an "internet"
attribute, which would force the validator to really check for minimally one dot, maximum
3 characters in the domain extension, etc. Because that is what you would normally want
from a validator like this.
Also, I would not use the URL class, but use a regular expression. A more elegant way to
check this.
The URL class approach could be retained for when the "internet" attribute is
false
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:04 a.m.
New subject: [Hibernate-JIRA] Commented: (HV-406) URL Validator not effective
[
http://opensource.atlassian.com/projects/hibernate/browse/HV-406?page=com...
]
Hardy Ferentschik commented on HV-406:
--------------------------------------
I agree with Gunnar. The default behavior of the {{@URL}} constraint has to stay.
I also see the point that in the wild there are many different usecases, eg you might want
the URL to be a _.com_ one. With adding an additional optional _regexp_ parameter to
{{@URL}} we could address these requirements -
{{(a)URL(narrowingRegExp="^.*\.com/.*")}}.
This can also very easily be implement with constraint composition. I cannot see a
negative side effect of this.
URL Validator not effective
---------------------------
Key: HV-406
URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-406
Project: Hibernate Validator
Issue Type: Bug
Components: validators
Affects Versions: 4.1.0.Final
Reporter: Marc Schipperheyn
Priority: Minor
Fix For: 4.2.0.CR1
The supplied URL Validator basically doesn't work. Or at least not as expected.
It creates a URL against the URL class and if it fails this, it returns false. There are
multiple problems with this:
* A URL like http://bljdlfghjdlgjlfd is perfectly valid according to the URL class
(intranet domains can be anything)
* It's not the most efficient way to test this (generating an error etc)
In order to retain backward compatibility I would suggest adding an "internet"
attribute, which would force the validator to really check for minimally one dot, maximum
3 characters in the domain extension, etc. Because that is what you would normally want
from a validator like this.
Also, I would not use the URL class, but use a regular expression. A more elegant way to
check this.
The URL class approach could be retained for when the "internet" attribute is
false
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:07 a.m.
New subject: [Hibernate-JIRA] Assigned: (HV-406) URL Validator not effective
[
http://opensource.atlassian.com/projects/hibernate/browse/HV-406?page=com...
]
Hardy Ferentschik reassigned HV-406:
------------------------------------
Assignee: Hardy Ferentschik
URL Validator not effective
---------------------------
Key: HV-406
URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-406
Project: Hibernate Validator
Issue Type: Bug
Components: validators
Affects Versions: 4.1.0.Final
Reporter: Marc Schipperheyn
Assignee: Hardy Ferentschik
Priority: Minor
Fix For: 4.2.0.CR1
The supplied URL Validator basically doesn't work. Or at least not as expected.
It creates a URL against the URL class and if it fails this, it returns false. There are
multiple problems with this:
* A URL like http://bljdlfghjdlgjlfd is perfectly valid according to the URL class
(intranet domains can be anything)
* It's not the most efficient way to test this (generating an error etc)
In order to retain backward compatibility I would suggest adding an "internet"
attribute, which would force the validator to really check for minimally one dot, maximum
3 characters in the domain extension, etc. Because that is what you would normally want
from a validator like this.
Also, I would not use the URL class, but use a regular expression. A more elegant way to
check this.
The URL class approach could be retained for when the "internet" attribute is
false
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
12:22 p.m.
New subject: [Hibernate-JIRA] Resolved: (HV-406) URL Validator not effective
[
http://opensource.atlassian.com/projects/hibernate/browse/HV-406?page=com...
]
Hardy Ferentschik resolved HV-406.
----------------------------------
Resolution: Fixed
URL Validator not effective
---------------------------
Key: HV-406
URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-406
Project: Hibernate Validator
Issue Type: Bug
Components: validators
Affects Versions: 4.1.0.Final
Reporter: Marc Schipperheyn
Assignee: Hardy Ferentschik
Priority: Minor
Fix For: 4.2.0.CR1
The supplied URL Validator basically doesn't work. Or at least not as expected.
It creates a URL against the URL class and if it fails this, it returns false. There are
multiple problems with this:
* A URL like http://bljdlfghjdlgjlfd is perfectly valid according to the URL class
(intranet domains can be anything)
* It's not the most efficient way to test this (generating an error etc)
In order to retain backward compatibility I would suggest adding an "internet"
attribute, which would force the validator to really check for minimally one dot, maximum
3 characters in the domain extension, etc. Because that is what you would normally want
from a validator like this.
Also, I would not use the URL class, but use a regular expression. A more elegant way to
check this.
The URL class approach could be retained for when the "internet" attribute is
false
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5035
days inactive
5127
days old
hibernate-issues@lists.jboss.org
8 comments
3 participants
participants (3)
-
Gunnar Morling (JIRA) -
Hardy Ferentschik (JIRA)
-
Marc Schipperheyn (JIRA)