sulu: Browser crashes on input of faulty, complex URL in URL Field within backend
| Q | A |
|---|---|
| Sulu Version | 2.1.5 |
| Browser Version | Chrome 87.0.4280.88 / Firefox 83.0 |
Actual Behavior
When you enter a complex, faulty URL (e.g. https://secret-secret-secret-secret-secret.secret-secret.com/de/publicservicedetail?q=elterngeld beantragen&id=8969217&organisationid=208445263 (the space character between “elterngeld” and “beantragen” being the fault)) in an URL input field within the backend, your browser crashes.
Expected Behavior
no browser crashes
Steps to Reproduce
- Log into the backend
- Have an URL input field
- Enter a faulty, complex URL (e.g.
https://secret-secret-secret-secret-secret.secret-secret.com/de/publicservicedetail?q=elterngeld beantragen&id=8969217&organisationid=208445263)
Possible Solutions
You can quick check the the behaviour here https://regexr.com/5hisv Since this seems to be no sulu-specific bug, but a browser issue, I see only 2 options:
- optimize/simplify the Regex to work around the faulty JavaScript RegEx implementation
- Fix the JavaScript RegEx implementation
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 2
- Comments: 15 (15 by maintainers)
Since we’ve added the possibility to define json-schema per field type recently, we could use that for validation. The
uriformat is even included in the spec (https://json-schema.org/understanding-json-schema/reference/string.html#resource-identifiers)I personally would remove the regex as today there with kind of things like applinks e.g.
myapp://or other things I don’t really see why we should add any validation. Also I think the regex does not support IPv6 which would also be more complicated as see for example the Symfony Url Validator.The browser
<input type="url">itself a valid url is all which has a urlscheme://restofurl the schema does only support there onlya-zand-, the url can have any character with our select for schema I really don’t see any need to validate the url as in our case the urlscheme is dropdown and can not be input false and the rest should support any characters.Personally from me the browser (Firefox 83) did not crash but did freeze for about 30 seconds, until I could do something again in that tab.