URL scheme validation does not correctly implement RFC 3986

I am trying to use curl_url_set to validate a string and check whether it's a valid URL. I use option CURLU_NON_SUPPORT_SCHEME as I need to support custom schemes.

[In urlapi.c](https://github.com/curl/curl/blob/master/lib/urlapi.c#L216), there is the following comment:

>       /* RFC 3986 3.1 explains:
>         scheme      = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
>       */

But actual implementation is more like:

>         scheme      =  1*( ALPHA / DIGIT / "+" / "-" / "." )

I have tested that the following examples are marked by libcurl curl_url_set as valid:

- 1h://example1
- ..://example2
- -://example3
-+://example4

Those are not valid URLs according to RFC 3986 3.1, but libcurl treats them as valid ones.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

URL scheme validation does not correctly implement RFC 3986 #11249

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

URL scheme validation does not correctly implement RFC 3986 #11249

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions