zod
zod copied to clipboard
colinhacks
Use regex for `.url()`
Fixes issue where url can be anything due to new URL not correctly handling certain cases.
I took this url regex from a personal lib that I have up here which was originally adopted from In search of the perfect URL validation regex
Should fix:
- #2256
- #2236
To clarify, I’m looking for a decent regular expression to validate URLs that were entered as user input with. I have no interest in parsing a list of URLs from a given string of text (even though some of the regexes on this page are capable of doing that). I also don’t want to allow every possible technically valid URL — quite the opposite. See the URL Standard if you’re looking to parse URLs in the same way that browsers do.
Assume that this regex will be used for a public URL shortener written in PHP, so URLs like
http://localhost/, //foo.bar/, ://foo.bar/, data:text/plain;charset=utf-8,OHAI and tel:+1234567890shouldn’t pass (even though they’re technically valid). Also, in this case I only want to allow the HTTP, HTTPS and FTP protocols.
This is a good point! However, I believe the valid URL should follow the standard to ensure the library is suitable for general use cases. If we need something more explicit or specific, it should be defined within the application itself.
In my case, the app's custom schema (deeplink steam://run) appears to be a valid URL for me.
The issue is that the URL class is specific to the WebAPI, so the output might vary between different JavaScript runtimes. Therefore, we should to change the URL validation method while ensuring it still complies with the standard.
@colinhacks what would you like to see for something like this PR to be merged?
Maybe it would be a good time to add more maintainers.
So many people depend on this library.
Yet the progress is stagnating.
This is NOT a dig at @colinhacks. I think it is super hard to maintain open-source software at scale.
It is just the project is at scale where a larger maintainer base would help to push it forward.
