Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed Scheme validation to reject schemes with non-alphanumeric characters #171

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

JohnJamesUtley
Copy link

Background

RFC 3986 defines a scheme as follows

scheme        = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )

The Bug

Furl will accept non-alphanumeric characters in its schemes

import furl
f = furl.furl('sch^eme://[email protected]')
print(f.scheme)

In this example, Furl will currently print the scheme as 'sch^eme'. This is in violation of RFC 3896 because of the '^' character.

The Pull Request

  • Has Furl's scheme setter confirm the schemes validity
  • Fixes is_scheme_valid to actually check if the scheme is valid
    • Used to always return true even if the regex did not match
  • Adds tests to confirm that Furl will no longer accept schemes with invalid characters

furl/furl.py Outdated
Comment on lines 1428 to 1430
if scheme is not None and scheme != '':
if is_valid_scheme(scheme) == False:
raise ValueError("Invalid Scheme: " + scheme)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if scheme is not None and scheme != '':
if is_valid_scheme(scheme) == False:
raise ValueError("Invalid Scheme: " + scheme)
if scheme and not is_valid_scheme(scheme):
raise ValueError("Invalid scheme")

@JohnJamesUtley JohnJamesUtley force-pushed the fix-scheme-characters branch from 0afe272 to f10e58d Compare April 25, 2023 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants