Handle an image ref with scheme#4739
Conversation
|
Hi @kzys. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Build succeeded.
|
There was a problem hiding this comment.
wondering if checking for :// would be sufficient (if strings.Contains(s, "://")), as its only for detection, and we're not really interested if the scheme is "valid"
There was a problem hiding this comment.
Good point. I was initially trying to cover schemes that don't have // such as mailto: and news: (according to https://tools.ietf.org/html/rfc1738#page-19), but eventually gave up. Let me update the PR to simplify.
There was a problem hiding this comment.
Yes, I think for this case, it's not important to be "fully correct"; we're only interested in "any scheme"; it's an enhancement over the current validation, so it's likely ok if a mailto:, javascript: or news: would accidentally fall through (I expect those to fail further down as well)
An image ref must be a scheme-less URI. A reference with scheme (such as `http://`) must return ErrInvalid. Signed-off-by: Kazuyoshi Kato <[email protected]>
|
Build succeeded.
|
6 participants
An image ref must be a scheme-less URI. A reference with scheme (such
as
http://) must return ErrInvalid.Signed-off-by: Kazuyoshi Kato [email protected]