URL protocol validation puzzlers
Eirik Bjørsnøs
eirbjo at gmail.com
Fri Jan 22 08:46:01 UTC 2021
Hello,
While looking into reducing string allocation in URL constructors, I found
the following somewhat puzzling:
// Throws MUE as expected: "no protocol: 1nvalid://resource"
// Reason: "1nvalid" is not a valid scheme (cannot start with a digit)
// See https://www.ietf.org/rfc/rfc2396.html#section-3.1
@Test(expected = MalformedURLException.class)
public void shouldDetectInvalidProtocolName() throws MalformedURLException {
new URL("1nvalid://resource");
}
// This does not throw MUE, even when the protocol name is invalid
@Test(expected = MalformedURLException.class)
public void shouldDetectExplicitInvalidProtocolName() throws
MalformedURLException {
new URL("1nvalid", null, -1, "/resource", new StreamHandler());
}
// Does not throw MUE even if RFC2396 only allows ascii characters (a-z and
A-Z)
@Test(expected = MalformedURLException.class)
public void shouldDetectNonAsciiProtocol() throws MalformedURLException {
new URL("øl://resource"); // "øl" handler registered
via URLStreamHandlerProvider
}
A few observations:
1: Misleading error message for invalid protocol
The error message "no protocol: 1nvalid://resource" is a bit misleading.
Instead of "no protocol" it should perhaps say "invalid protocol" ?
2: Inconsistent rejection of invalid protocols
URL rejects invalid URLs when parsing a spec string, but not when given an
explicit protocol parameter. (For me this feels inconsistent and also
causes a slight practical complication of my refactoring effort, since it
needs to carry over the two different behaviors when dealing with protocol
names)
3 Non-ascii protocol names are allowed:
isValidProtocol does not reject non-ascii unicode characters so it does not
strictly follow RFC2396
Given that this class is @since 1.0 there is probably some resistance to
changing behaviour in this area?
WDYT?
Cheers,
Eirik.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/net-dev/attachments/20210122/11403700/attachment.htm>
More information about the net-dev
mailing list