Url validation failed #481

Closed
velocityzen opened this issue May 3, 2017 · 5 comments

@velocityzen

What version of Ajv are you using? Does the issue happen if you use the latest version?
[email protected]

Ajv options object

{allErrors: true}

JSON Schema

{ 
 "type": "string",
 "format": "url"
}

Sample data

'https://localhost:3000/#test'

Your code

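let Ajv = require('ajv');
// Values taken from the sections above
let options = {allErrors: true};
let scheme = {type: 'string', format: 'url'};
let data = 'https://localhost:3000/#test';
let v = new Ajv(options);
v.validate(scheme, data);
console.log(v.errors);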

Validation result, data AFTER validation, error messages

[ { keyword: 'format',
    dataPath: '',
    schemaPath: '#/format',
    params: { format: 'url' },
    message: 'should match format "url"' } ]

What results did you expect?
It is a correct URL

Are you going to resolve the issue?
nope

@epoberezkin
Member

@gajus does it not allow hash fragment?

@velocityzen you can use "uri" as an alternative, "url" is an additional format.

@gajus
Contributor

gajus commented May 3, 2017

It does.

The issue here is "localhost". The current regex does not allow TLD-less domains.

Ideally, this should be a configurable option.

@epoberezkin
Member

@gajus Thank you. Should it allow? Or not really?

@gajus
Contributor

gajus commented May 3, 2017

See the note at:

Assume that this regex will be used for a public URL shortener written in PHP, so URLs like https://localhost/, //foo.bar/, :https://foo.bar/, data:text/plain;charset=utf-8,OHAI and tel:+1234567890 shouldn’t pass (even though they’re technically valid). Also, in this case I only want to allow the HTTP, HTTPS and FTP protocols.

– https://mathiasbynens.be/demo/url-regex

I'd say it shouldn't. In most cases it would produce an unexpected result. It could even be used as an attack vector.

I'd recommend that in case the user requires non-public URLs (such as localhost, date URIs, tel, skype, etc.) it should be implemented in the user-space.

@epoberezkin
Member

I'd recommend that in case the user requires non-public URLs (such as localhost, date URIs, tel, skype, etc.) it should be implemented in the user-space.

There is "uri" format for that. Thank you, it's all ok then.
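
One way to do the user-space check discussed in this thread, as an added example that is not part of the issue or of Ajv: it parses with the WHATWG `URL` class instead of a regex, makes non-public hosts an explicit opt-in, and goes slightly beyond the thread by also treating loopback and private IPv4 literals as non-public. The function names and the `allowLocal` option are assumptions made for this illustration.

```javascript
// Added example, not Ajv code. isNonPublicHost, isAcceptableUrl and
// allowLocal are hypothetical names chosen for this illustration.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'ftp:']);

// True when the host does not name a public endpoint.
function isNonPublicHost(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, ''); // drop trailing root dot
  if (host.startsWith('[')) return true; // IPv6 literal: rejected wholesale (assumption)
  const v4 = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(host);
  if (v4) {
    const a = Number(v4[1]);
    const b = Number(v4[2]);
    return a === 0 || a === 10 || a === 127 ||
      (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168);
  }
  // "localhost", "*.localhost" and any dot-less name carry no public TLD.
  return host === 'localhost' || host.endsWith('.localhost') || !host.includes('.');
}

function isAcceptableUrl(value, { allowLocal = false } = {}) {
  if (typeof value !== 'string') return false;
  let url;
  try {
    url = new URL(value); // WHATWG parser: throws on relative or malformed input
  } catch (err) {
    return false;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return false; // data:, tel:, ...
  if (url.hostname === '') return false;
  return allowLocal || !isNonPublicHost(url.hostname);
}

// Constructed sample inputs; the first is the URL reported in this issue.
const SAMPLES = [
  'https://localhost:3000/#test',
  'https://example.com/#test',
  'https://example.com@localhost/', // userinfo before "@": the real host is localhost
  'http://127.1/',                  // the parser normalizes this to 127.0.0.1
  'data:text/plain;charset=utf-8,OHAI',
  '//foo.bar/',
];

for (const s of SAMPLES) {
  console.log(s, isAcceptableUrl(s), isAcceptableUrl(s, { allowLocal: true }));
}
```

A function like this can be registered with Ajv as a custom format through `ajv.addFormat`.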
