-
Notifications
You must be signed in to change notification settings - Fork 192
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve validation for URL field. #306
Comments
Let's think about it:
Will we block some URIs input with stricter validation rules? When I was cleaning bugzilla for old bugs, I have seen a load of bugs related to desktop apps but having Web UI (ala FilemakerPro). They certainly have URLs but not necessary known. But maybe we can still make it more useful by guiding the user to add a useful link. Maybe it's a matter of encouraging with an appropriate message based on patterns s/he has input. Maybe we can check if the entered link calls home aka not |
I would prefer to be pretty liberal in what we accept. But "a" is probably too liberal. ^_^ I like the idea of doing a quick XHR request looking for non 4XX or 5XX responses. But indeed a report could be "foo.com serving 500 to bar browser". |
https://mathiasbynens.be/demo/url-regex is interesting, perhaps of use. |
From that list, Diego's satisfies all the constraints but perhaps it isn't that useful--it is supposed to fail on |
Just exploring this option. Here's the modified regex:
Some tests (you can paste that into your console and test via Good results: Less good results?:
One reason I'm leaning towards this versus the XHR test is that it will be slightly more liberal. I know the 5XX or 4XX point that @karlcow mentions is not a very common bug report we get, but it would be very frustrating if you were trying to report just that and the form prevented you from doing so. This regex wouldn't have that problem. But, as is, it could potentially let in invalid URLs. Just a point of data, I haven't really seen many bogus URLs be reported, apart from the few anonymous spam/test reports. |
Setting "help-wanted" and "good-first-patch" on this bug. It's fairly low priority (IMO), but would be a good way to get to know some of the code-base. |
Let's close this and revisit if we find we're getting lots of bad URLs. |
See https://bugzilla.mozilla.org/show_bug.cgi?id=1024807#c42. Currently just a single letter will pass domain validation, which isn't very useful.
Possibly we might want to perform actual domain validation.
The text was updated successfully, but these errors were encountered: