Vee-validate: Unsafe URL validation regex
I discovered by accident that the regex used for URL validation is unsafe. Try running the following in your browser console:
/^https?:\/\/([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w\.\(\)%-]*)*\/?$/.test('https://d1qb2nb5cznatu.cloudfront.net/startups/i/262548-4bef7a1950ac2fb9034ca8cc4fd5a44d-medium_jpg.jpg?buster=1399656027')
This will cause your CPU to spike and probably crash your browser. I'm not sure what is it about that particular URL but it seems to be triggering some sort of bug.
Please consider using validator.js library instead of re-implementing validation rules. This library is still actively developed, been through many release cycles since 2013 and is well tested. If you keep maintaining your own rules you will run into issues like that down the road.
Keep up the good work.
nilgradisnik
All 7 comments
Okay I guess you have a point there, I have been considering this for a while, will switch before the full release probably.
Thanks for the feedback.
logaretm
on 2 Nov 2016
No problem. I'm not sure if validator.js will cover all your use cases, but you can write those separately if necessary.
nilgradisnik
on 2 Nov 2016
Yep, I can import rules individually as needed which shouldn't increase the size much. I will mix and match but I will try to use as much as possible from validator.js since its very reliable.
logaretm
on 2 Nov 2016
OK I added validator to the dev dependencies and I replaced some rules with their implementation, this should allow new rules to be imported from validator.js as well.
logaretm
on 3 Nov 2016
@logaretm What do you think about including the credit card validation that validator.js has?
BrandonSurowiec
on 5 Nov 2016
Sounds good, after including validator.js its pretty much open season. but I prefer I should focus on fixing the bugs, any help would be appreciated, you can implement it if you want.
logaretm
on 6 Nov 2016
Sure, if I see a bug I think I can fix, I'll give it a shot.
BrandonSurowiec
on 8 Nov 2016
Related issues
Etheryte
·
3Comments
MaxMilton
·
3Comments
jagasan
·
3Comments
ash0080
·
3Comments
7immer
·
3Comments
Most helpful comment
OK I added validator to the dev dependencies and I replaced some rules with their implementation, this should allow new rules to be imported from validator.js as well.