WhiteCat22 commented on code in PR #1483:
URL: https://github.com/apache/cxf/pull/1483#discussion_r1380784747
##########
rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/Rfc3986UriValidator.java:
##########
@@ -39,21 +39,28 @@ final class Rfc3986UriValidator {
private static final String LAST = "#(.*)";
- private static final Pattern HTTP_URL = Pattern.compile("^" + SCHEME
+ private static final Pattern HTTP_URL = Pattern.compile("^" + SCHEME
+ "(//(" + USERINFO + "@)?" + HOST + ")?" + PATH
+ "(\\?" + QUERY + ")?" + "(" + LAST + ")?");
private Rfc3986UriValidator() {
}
/**
- * Validate the HTTP URL according to
https://datatracker.ietf.org/doc/html/rfc3986#appendix-B
+ * Validate the HTTP URL according to
https://datatracker.ietf.org/doc/html/rfc3986#appendix-B
* @param uri HTTP schemed URI to validate
* @return "true" if URI matches RFC-3986 validation rules, "false"
otherwise
*/
public static boolean validate(final URI uri) {
// Only validate the HTTP(s) URIs
- if (HttpUtils.isHttpScheme(uri.getScheme())) {
+ if (HttpUtils.isHttpScheme(uri.getScheme())) {
+ // If URI.getHost() returns a host name, validate it and
+ // skip the expensive regular expression logic.
+ final String uriHost = uri.getHost();
Review Comment:
That is a good point that we had not considered.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
