#32874: Allow URLValidator to accept schema relative URLs
-------------------------------------+-------------------------------------
Reporter: Maciej Strömich | Owner: Zoltán
| Szatmáry
Type: New feature | Status: closed
Component: Core (Other) | Version: 3.2
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):
* status: assigned => closed
* resolution: => wontfix
Comment:
After review by the Django Security Team, we're going to close this as
wontfix.
Protocol relative URLs are something of a legacy from times before HTTPS
was the norm, and their use now is generally discouraged. (e.g.
[https://webhint.io/docs/user-guide/hints/hint-no-protocol-relative-urls/
modern linters will flag them].)
What's more URLs are used in many non-web contexts, where the lack of a
scheme is not valid.
As such it's not something we want to add to URLValidator.
As with other similar cases, if users want to accept such URLs in their
application, a custom validator is the way forward.
--
Ticket URL: <https://code.djangoproject.com/ticket/32874#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/072.fa3bed9c425809a05fd2a5d6ee8a0c9f%40djangoproject.com.
