Update the regexp for the URL validator

Nicklas Ansman Giertz · Nicklas Ansman Giertz · commit f42d0ac4b946 · 2016-09-06T10:50:51.000+02:00
diff --git a/specs/validators/url-spec.js b/specs/validators/url-spec.js
@@ -47,7 +47,6 @@ describe("validators.url", function() {
     expect(url("http://foo.bar/foo(bar)baz quux", {})).toBeDefined();
     expect(url("ftps://foo.bar/", {})).toBeDefined();
     expect(url("http://-error-.invalid/", {})).toBeDefined();
-    expect(url("http://a.b--c.de/", {})).toBeDefined();
     expect(url("http://-a.b.co", {})).toBeDefined();
     expect(url("http://a.b-.co", {})).toBeDefined();
     expect(url("http://0.0.0.0", {})).toBeDefined();
@@ -105,6 +104,7 @@ describe("validators.url", function() {
     expect(url("http://1337.net", {})).not.toBeDefined();
     expect(url("http://a.b-c.de", {})).not.toBeDefined();
     expect(url("http://223.255.255.254", {})).not.toBeDefined();
+    expect(url("http://a.b--c.de/", {})).not.toBeDefined();
   });
 
   it("allows local url and private networks if option is set", function() {
diff --git a/validate.js b/validate.js
@@ -1095,48 +1095,46 @@
       // https://gist.github.com/dperini/729294
       var regex =
         "^" +
-          // schemes
-          "(?:(?:" + schemes.join("|") + "):\\/\\/)" +
-          // credentials
-          "(?:\\S+(?::\\S*)?@)?";
-
-      regex += "(?:";
+        // protocol identifier
+        "(?:(?:" + schemes.join("|") + ")://)" +
+        // user:pass authentication
+        "(?:\\S+(?::\\S*)?@)?" +
+        "(?:";
 
       var tld = "(?:\\.(?:[a-z\\u00a1-\\uffff]{2,}))";
 
-      // This ia a special case for the localhost hostname
       if (allowLocal) {
         tld += "?";
       } else {
-        // private & local addresses
         regex +=
-          "(?!10(?:\\.\\d{1,3}){3})" +
-          "(?!127(?:\\.\\d{1,3}){3})" +
-          "(?!169\\.254(?:\\.\\d{1,3}){2})" +
-          "(?!192\\.168(?:\\.\\d{1,3}){2})" +
-          "(?!172" +
-          "\\.(?:1[6-9]|2\\d|3[0-1])" +
-          "(?:\\.\\d{1,3})" +
-          "{2})";
-      }
-
-      var hostname =
-          "(?:(?:[a-z\\u00a1-\\uffff0-9]+-?)*[a-z\\u00a1-\\uffff0-9]+)" +
-          "(?:\\.(?:[a-z\\u00a1-\\uffff0-9]+-?)*[a-z\\u00a1-\\uffff0-9]+)*" +
-          tld + ")";
-
-      // reserved addresses
+          // IP address exclusion
+          // private & local networks
+          "(?!(?:10|127)(?:\\.\\d{1,3}){3})" +
+          "(?!(?:169\\.254|192\\.168)(?:\\.\\d{1,3}){2})" +
+          "(?!172\\.(?:1[6-9]|2\\d|3[0-1])(?:\\.\\d{1,3}){2})";
+      }
+
       regex +=
+          // IP address dotted notation octets
+          // excludes loopback network 0.0.0.0
+          // excludes reserved space >= 224.0.0.0
+          // excludes network & broacast addresses
+          // (first & last IP address of each class)
           "(?:[1-9]\\d?|1\\d\\d|2[01]\\d|22[0-3])" +
           "(?:\\.(?:1?\\d{1,2}|2[0-4]\\d|25[0-5])){2}" +
           "(?:\\.(?:[1-9]\\d?|1\\d\\d|2[0-4]\\d|25[0-4]))" +
         "|" +
-          hostname +
-          // port number
-          "(?::\\d{2,5})?" +
-          // path
-          "(?:[/?#]\\S*)?" +
-        "$";
+          // host name
+          "(?:(?:[a-z\\u00a1-\\uffff0-9]-*)*[a-z\\u00a1-\\uffff0-9]+)" +
+          // domain name
+          "(?:\\.(?:[a-z\\u00a1-\\uffff0-9]-*)*[a-z\\u00a1-\\uffff0-9]+)*" +
+          tld +
+        ")" +
+        // port number
+        "(?::\\d{2,5})?" +
+        // resource path
+        "(?:[/?#]\\S*)?" +
+      "$";
 
       var PATTERN = new RegExp(regex, 'i');
       if (!PATTERN.exec(value)) {
