Validator.js: isURL() incorrectly claims http:// is valid url

Created on 23 Mar 2017  ·  5 Comments  ·  Source: validatorjs/validator.js

validator.isURL('http://', { require_host: false }); // returns true

I understand that I could set require_host: true to get the right result, but then if the test string is a relative url (/example/foo.html), it won't validate. And I can't just || two executions of isURL() to cover both cases (as suggested for a similar issue), because it will lead to an incorrect result because http:// is flagged as valid in the above example:

var str = '/example/foo.html';
validator.isURL(str, { require_host: true }) || validator.isURL(str, { require_host: false }) // true

var str = 'http://';
validator.isURL(str, { require_host: true }) || validator.isURL(str, { require_host: false }) // true

It seems like validator should recognize that passing a protocol and nothing else cannot be a valid url, even if configured for not requiring a hostname.

🐛 bug

All 5 comments

This is fixed in an upcoming release.

Was this actually fixed? I am seeing this as a valid URL, and I can't see how it is:

validator.isURL('http://www.te');

.te isn't a valid country code domain AFAIK, but if it were, www.te would technically be a well-formed and valid URL. (e.g. www.com exists.)

validator.isURL('www.bro', { require_tld: true }) <-- WHY is this returning true? I clearly do NOT have a TLD here, yet it is saying 'a-ok', why?

@dsacramone see #623, #428, #429, https://github.com/chriso/validator.js/issues/704#issuecomment-325167598.

www.bro is a syntactically-valid URL string, and bro is a syntactically-valid generic TLD. There is nothing special about the www subdomain, e.g. www.com is a valid hostname that resolves – there doesn't have to be anything between www and the TLD. Checking whether the generic TLD is registered with IANA is outside the scope of the library. The library doesn't, and will never, include the full, ever-changing list of generic TLDs – all it can do is check whether the string is valid. Checking whether the hostname resolves is also outside the scope of the library, although this is easy to do yourself if you're validating on the backend.
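
One way to apply the points raised in this thread on a Node.js backend, as an added example that is not validator.js code and not written by anyone in the thread: it uses Node's built-in WHATWG `URL` parser instead of `isURL()`, accepts either an http(s) URL with a host or a root-relative path, rejects `http://`, and can optionally check that the hostname resolves. The names `classifyUrl` and `hostResolves` and the policy itself (a scheme is required for absolute URLs, so a bare `www.bro` is rejected) are assumptions of this example.

```javascript
// Added example; classifyUrl and hostResolves are hypothetical names.

// Returns 'absolute', 'relative' or 'invalid'.
function classifyUrl(str) {
  if (typeof str !== 'string' || str.length === 0) return 'invalid';

  // A scheme is present: require http(s) and a non-empty host.
  if (/^[a-z][a-z0-9+.-]*:/i.test(str)) {
    let url;
    try {
      url = new URL(str); // 'http://' throws: special schemes need a host
    } catch {
      return 'invalid';
    }
    if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'invalid';
    return url.hostname ? 'absolute' : 'invalid';
  }

  // No scheme: accept only root-relative paths such as '/example/foo.html'.
  // '//host' is protocol-relative, and browsers treat '\' like '/', so both
  // are rejected, as is any whitespace.
  if (str.startsWith('/') && !str.startsWith('//') && !/[\s\\]/.test(str)) {
    return 'relative';
  }
  return 'invalid';
}

// Backend-only check that the hostname resolves. `lookup` is injectable so
// the function can be exercised without network access.
async function hostResolves(str, lookup) {
  if (classifyUrl(str) !== 'absolute') return false;
  if (!lookup) lookup = (await import('node:dns')).promises.lookup;
  try {
    await lookup(new URL(str).hostname);
    return true;
  } catch {
    return false; // ENOTFOUND and similar
  }
}
```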
