uritools icon indicating copy to clipboard operation
uritools copied to clipboard

Published 20 hours ago verified publisher icon tkem

':' is being considered a valid relative URI

Open Silvanoc opened this issue 2 years ago • 4 comments

Describe the bug The string ":" (simply a colon) is being considered a valid relative URI. But, if I'm reading the specification right, it isn't a valid relative URI.

Expected result uritools.isrelpath(":") returns False

Actual result uritools.isrelpath(":") returns True

Reproduction steps

import uritools
print(uritools.isrelpath(":"))

Silvanoc avatar Oct 10 '23 08:10 Silvanoc

For example, this alternative Python URI validator also rejects ':' as a valid relative URI.

Silvanoc avatar Oct 10 '23 08:10 Silvanoc

This other alternative online validator is also rejecting it: https://0mg.github.io/tools/uri/

Silvanoc avatar Oct 10 '23 08:10 Silvanoc

@Silvanoc: Thanks for your interest! Regarding ":" used as an URI, this is - for better or worse - interpreted as a simple path, and therefore as a valid relative URI:

>>> uritools.urisplit(":")
SplitResultString(scheme=None, authority=None, path=':', query=None, fragment=None)

According to RFC 3986, ":" belongs to

gen-delims  = ":" / "/" / "?" / "#" / "[" / "]" / "@"

and should therefore better be encoded if used in path components. However, uritools tries to follow the robustness principle of be strict in what you server, but be liberal in what you accept, and therefore a single ":" is accepted as a path.

tkem avatar Oct 24 '23 18:10 tkem

and should therefore better be encoded if used in path components

What I read in the RFC 3986 (end of the page) is "the conflicting data MUST be percent-encoded before the URI is formed" (formatting is mine). So I would say that : is not valid URIs according RFC 3986, since it doesn't delimit any data (and would therefore be part of the data).

uritools tries to follow the robustness principle of be strict in what you server, but be liberal in what you accept, and therefore a single ":" is accepted as a path.

IMHO having a strict flag or similar would be helpfull for this purpose. That way uritools could remain by default "liberal" on what it accepts, but get "strict" on demand.

Just to give you some context information. I'm not using uritools mostly due to this behaviour, which would force the project I'm collaborating on to make one of the tests less strict. We have taken a different approach, so whatever feedback I provide you here is just part of my "sharing is caring" mindset. I you don't want it, simply close this issue 🙂

Silvanoc avatar Oct 31 '23 14:10 Silvanoc