Commit Graph

4 Commits

Author SHA1 Message Date
Shai Berger 17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Alexey Sveshnikov bc98bc56a5 Fixed #25059 -- Allowed Punycode TLDs in URLValidator 2015-07-06 15:08:43 -04:00
Danilo Bargen 2e65d56156 Fixed #20003 -- Improved and extended URLValidator
This adds support for authentication data (`user:password`) in URLs,
IPv6 addresses, and unicode domains.

The test suite has been improved by adding test URLs from
http://mathiasbynens.be/demo/url-regex (with a few adjustments,
like allowing local and reserved IPs).

The previous URL validation regex failed this test suite on 13
occasions, the validator was updated based on
https://gist.github.com/dperini/729294.
2015-01-06 14:04:25 -05:00
Danilo Bargen 8b77b64f1c Refactored URLValidator tests by moving URLs to text files. 2014-11-03 13:02:11 -05:00