URI validator rejects query param square brackets #1461

Closed
elliotblackburn opened this issue Mar 21, 2018 · 5 comments · Fixed by #1487

elliotblackburn commented Mar 21, 2018

Context

  • node version: 9.7.1
  • joi version: 11.4.0
  • environment (node, browser): node
  • used with (hapi, standalone, ...): standalone
  • any other relevant information:

What I am trying to achieve

I am working on a service which consumes URLs from potentially any web site / web app / web service. We have recently come across a URL which makes use of square brackets in the query param of the URI (after the question mark). For example:

https://example.com?abc[]=123&abc[]=456

According to RFC 3986 the URI producer should be percent-encoding square brackets in the query params. After searching around I came across this breakdown of the RFC and how it applies in this situation. After reading through the RFC it would seem that while it is not to standard to produce these URIs, the standard suggests that these URIs should still be accepted.

RFC 3986 - Section 2.2. Reserved Characters

URI producing applications should percent-encode data octets that
correspond to characters in the reserved set unless these characters
are specifically allowed by the URI scheme to represent data in that
component. If a reserved character is found in a URI component and
no delimiting role is known for that character, then it must be
interpreted as representing the data octet corresponding to that
character's encoding in US-ASCII.

In our most recent instance, we found a URL using this format from a major UK ISP website (https://signup.nowtv.com/broadband/configurator/?p[]=ADSL&o[]=SAVER_OFFER).

It would seem to me that the validation should pass and accept non-encoded square brackets in a query parameter, if nothing else because there are URIs in the wild which are doing this. That said, I'm sure this may generate some significant discussion and opinion.

Code to reproduce

Sample code:

const Joi = require('joi');

const schema = Joi.object().keys({
    url: Joi.string().uri()
});

const resOne = Joi.validate({url: 'https://example.com?abc[]=123&abc[]=456'}, schema);

console.log(resOne);
// => ValidationError: child "url" fails because ["url" must be a valid uri]

const resTwo = Joi.validate({url: 'https://example.com?abc=123&abc=456'}, schema);
console.log(resTwo);
// => error: null (passes validation)
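
The distinction raised in the issue above, as an added example (not part of the original post and not joi's own code): a check of the query component against the RFC 3986 grammar, a variant that tolerates literal square brackets, and a normaliser that percent-encodes them. All function and constant names are hypothetical, and the sample URIs are constructed apart from the two `example.com` URLs taken from the issue.

```javascript
// Added example; names are hypothetical and this is not joi's implementation.
// RFC 3986: query = *( pchar / "/" / "?" )
//           pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
const UNRESERVED = 'A-Za-z0-9\\-._~';
const SUB_DELIMS = "!$&'()*+,;=";
const PCT_ENCODED = '%[0-9A-Fa-f]{2}';
const STRICT_QUERY = new RegExp(`^(?:[${UNRESERVED}${SUB_DELIMS}:@/?]|${PCT_ENCODED})*$`);
// Same grammar, additionally tolerating literal "[" and "]" (gen-delims).
const LENIENT_QUERY = new RegExp(`^(?:[${UNRESERVED}${SUB_DELIMS}:@/?\\[\\]]|${PCT_ENCODED})*$`);

// Split a URI into the part before "?", the query (or null), and the fragment.
function splitUri(uri) {
    const hash = uri.indexOf('#');
    const fragment = hash === -1 ? '' : uri.slice(hash);
    const rest = hash === -1 ? uri : uri.slice(0, hash);
    const mark = rest.indexOf('?');
    return mark === -1
        ? { head: rest, query: null, fragment }
        : { head: rest.slice(0, mark), query: rest.slice(mark + 1), fragment };
}

// 'strict': query matches RFC 3986; 'brackets-only': the only violation is
// unencoded square brackets; 'invalid': something else is out of grammar.
function classifyQuery(uri) {
    const { query } = splitUri(uri);
    if (query === null || STRICT_QUERY.test(query)) return 'strict';
    return LENIENT_QUERY.test(query) ? 'brackets-only' : 'invalid';
}

// Percent-encode brackets in the query only, so IPv6 host literals such as
// [::1] in the authority are left untouched.
function encodeQueryBrackets(uri) {
    const { head, query, fragment } = splitUri(uri);
    if (query === null) return uri;
    const encoded = query.replace(/\[/g, '%5B').replace(/\]/g, '%5D');
    return `${head}?${encoded}${fragment}`;
}

// Constructed samples; the first two are the URLs from the issue.
for (const uri of [
    'https://example.com?abc[]=123&abc[]=456',
    'https://example.com?abc=123&abc=456',
    'http://[::1]/?p[]=ADSL#top',
    'https://example.com?abc[]=1 2',
]) {
    console.log(classifyQuery(uri), encodeQueryBrackets(uri));
}
```

A service that accepts `brackets-only` input can store the encoded form, so that downstream components applying the strict grammar see the same URI the validator approved.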

@BolajiOlajide
Contributor

Can you update the variable names as resOne appears twice? @BlueHatbRit

@Marsup Marsup added bug Bug or defect help wanted labels Apr 29, 2018
Collaborator

Marsup commented Apr 29, 2018

If you're up to it, feel free to submit a PR.

@BolajiOlajide
Contributor

Yes sure.

@BolajiOlajide
Contributor

Submitted a PR....

@Marsup Marsup added this to the 13.5.0 milestone Jun 29, 2018
@Marsup Marsup self-assigned this Jun 29, 2018

lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020