You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@struts.apache.org by st...@cygnite.com on 2004/04/01 19:05:59 UTC

Re: URL validation

> The way I read http://www.faqs.org/rfcs/rfc2396.html
> section 3.3
>
> I don't believe the path segment can legally end with a '/'.
> Read the RFC and see what you think.
> 
> So I don't believe http://www.google.com:80/?action=xyz
> strictly speaking is valid, should we optionally allow for it
> probably.
> 
> http://www.google.com:80?action         would be valid
> http://www.google.com:80/path?action    would be valid
>
> 

Two points of note to my mind:

Quoting Section 3.2 of RFC:

   The authority component is preceded by a double slash "//" and is
   terminated by the next slash "/", question-mark "?", or by the end of
   the URI. 

There's nothing wrong with the server name (ie. authority) being 
terminated with a slash as in 

http://www.google.com:80/?action=xyz

since this merely translates as having no path component in the URI, 
rather than the path being "/" or is the path intended to start with the 
"/"?

In any event, section B, starts with some examples, including:

   http://www.ics.uci.edu/pub/ietf/uri/#Related

which is very similar to path/?xxxx and implies that the path component 
can indeed end with a "/" and I _believe_ but haven't actually tested that 
the regular expression a few lines above:

      ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?

would pull out the relevant items from the URL of the form:

http://www.google.com:80/path/?action

and section C1 contains a list of "Normal Examples", one of which is:

   ?y            =  http://a/b/c/?y

I think that the URLs discussed would therefore be valid.

Steve.