New Uri.parse and validation.

tests/corelib/uri_test.dart

 // Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 library uriTest;
 
 import "package:expect/expect.dart";
 import 'dart:convert';
 
 testUri(String uri, bool isAbsolute) {
@@ skipping 106 matching lines @@
                       base.resolve("../g;p/h;s").toString());
 }
 
 void testResolvePath(String expected, String path) {
   Expect.equals(expected, new Uri().resolveUri(new Uri(path: path)).path);
   Expect.equals(
       "http://localhost$expected",
       Uri.parse("http://localhost").resolveUri(new Uri(path: path)).toString());
 }
 
+const ALPHA = r"abcdefghijklmnopqrstuvwxuzABCDEFGHIJKLMNOPQRSTUVWXUZ";
+const DIGIT = r"0123456789";
+const PERCENT_ENCODED = "%00%ff";
+const SUBDELIM = r"!$&'()*+,;=";
+
+const SCHEMECHAR = "$ALPHA$DIGIT+-.";
+const UNRESERVED = "$ALPHA$DIGIT-._~";
+const REGNAMECHAR = "$UNRESERVED$SUBDELIM$PERCENT_ENCODED";
+const USERINFOCHAR = "$REGNAMECHAR:";
+
+const PCHAR_NC = "$UNRESERVED$SUBDELIM$PERCENT_ENCODED@";
+const PCHAR = "$PCHAR_NC:";
+const QUERYCHAR = "$PCHAR/?";
+
+void testValidCharacters() {
+  // test that all valid characters are accepted.
+
+  for (var scheme in ["", "$SCHEMECHAR$SCHEMECHAR:"]) {
+    for (var userinfo in ["", "@", "$USERINFOCHAR$USERINFOCHAR@",
+                          "$USERINFOCHAR:$DIGIT@"]) {
+      for (var host in ["", "$REGNAMECHAR$REGNAMECHAR",
+                        "255.255.255.256",  // valid reg-name.
+                        "[ffff::ffff:ffff]", "[ffff::255.255.255.255]"]) {
+        for (var port in ["", ":$DIGIT$DIGIT"]) {
+          var auth = "$userinfo$host$port";
+          if (auth.isNotEmpty) auth = "//$auth";
+          var paths = ["", "/", "/$PCHAR", "/$PCHAR/"];  // Absolute or empty.
+          if (auth.isNotEmpty) {
+            // Initial segment may be empty.
+            paths..add("//$PCHAR");
+          } else {
+            // Path may begin with non-slash.
+            if (scheme.isEmpty) {
+              // Initial segment must not contain colon.
+              paths..add(PCHAR_NC)
+                   ..add("$PCHAR_NC/$PCHAR")
+                   ..add("$PCHAR_NC/$PCHAR/");
+            } else {
+              paths..add(PCHAR)
+                   ..add("$PCHAR/$PCHAR")
+                   ..add("$PCHAR/$PCHAR/");
+            }
+          }
+          for (var path in paths) {
+            for (var query in ["", "?", "?$QUERYCHAR"]) {
+              for (var fragment in ["", "#", "#$QUERYCHAR"]) {
+                var uri = "$scheme$auth$path$query$fragment";
+                // Should not throw.
+                var result = Uri.parse(uri);
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+void testInvalidUrls() {
+  void checkInvalid(uri) {
+    try {
+      var result = Uri.parse(uri);
+      Expect.fail("Invalid URI `$uri` parsed to $result\n" + dump(result));
+    } on FormatException {
+      // Success.
+    }
+  }
+  checkInvalid("s%41://x.x/");      // No escapes in scheme,
+                                    // and no colon before slash in path.
+  checkInvalid("1a://x.x/");        // Scheme must start with letter,
+                                    // and no colon before slash in path.
+  checkInvalid(".a://x.x/");        // Scheme must start with letter,
+                                    // and no colon before slash in path.
+  checkInvalid("_:");               // Character not valid in scheme,
+                                    // and no colon before slash in path.
+  checkInvalid(":");                // Scheme must start with letter,
+                                    // and no colon before slash in path.
+
+  void checkInvalidReplaced(uri, invalid, replacement) {
+    var source = uri.replaceAll('{}', invalid);
+    var expected = uri.replaceAll('{}', replacement);
+    var result = Uri.parse(source);
+    Expect.equals(expected, "$result", "Source: $source\n${dump(result)}");
+  }
+
+  // Regression test for http://dartbug.com/16081
+  checkInvalidReplaced("http://www.example.org/red%09ros{}#red)",
+                       "\u00e9", "%C3%A9");
+  checkInvalidReplaced("http://r{}sum\{}.example.org", "\u00E9", "%C3%A9");
+
+  // Invalid characters. The characters must be rejected, even if normalizing
+  // the input would cause them to be valid (normalization happens after
+  // validation).
+  var invalidCharsAndReplacements = [
+    "\xe7",      "%C3%A7",       // Arbitrary non-ASCII letter
+    " ",         "%20",          // Space, not allowed anywhere.
+    '"',         "%22",          // Quote, not allowed anywhere
+    "\x7f",      "%7F",          // DEL, not allowed anywhere
+    "\xdf",      "%C3%9F",       // German lower-case scharf-S.
+                                 // Becomes ASCII when upper-cased.
+    "\u0130",    "%C4%B0",       // Latin capital dotted I,
+                                 // becomes ASCII lower-case in Turkish.
+    "%\uFB03",   "%25%EF%AC%83", // % + Ligature ffi,
+                                 // becomes ASCII when upper-cased,
+                                 // should not be read as "%FFI".
+    "\u212a",    "%E2%84%AA",    // Kelvin sign. Becomes ASCII when lower-cased.
+    "%1g",       "%251g",        // Invalid escape.
+    "\u{10000}", "%F0%90%80%80", // Non-BMP character as surrogate pair.
+  ];
+  for (int i = 0; i < invalidCharsAndReplacements.length; i += 2) {
+    var invalid = invalidCharsAndReplacements[i];
+    var valid = invalidCharsAndReplacements[i + 1];
+    checkInvalid("A{}b:///".replaceAll('{}', invalid));
+    checkInvalid("{}b:///".replaceAll('{}', invalid));
+    checkInvalidReplaced("s://user{}info@x.x/", invalid, valid);
+    checkInvalidReplaced("s://reg{}name/", invalid, valid);
+    checkInvalid("s://regname:12{}45/".replaceAll("{}", invalid));
+    checkInvalidReplaced("s://regname/p{}ath/", invalid, valid);
+    checkInvalidReplaced("/p{}ath/", invalid, valid);
+    checkInvalidReplaced("p{}ath/", invalid, valid);
+    checkInvalidReplaced("s://regname/path/?x{}x", invalid, valid);
+    checkInvalidReplaced("s://regname/path/#x{}x", invalid, valid);
+    checkInvalidReplaced("s://regname/path/??#x{}x", invalid, valid);
+  }
+
+  // At most one @ in userinfo.
+  checkInvalid("s://x@x@x.x/");
+  // No colon in host except before a port.
+  checkInvalid("s://x@x:x/");
+  // At most one port.
+  checkInvalid("s://x@x:9:9/");
+  // At most one #.
+  checkInvalid("s://x/x#foo#bar");

[Søren Gjesse, 2014/06/19 07:39:43]

So we do not escape the second #?

[Lasse Reichstein Nielsen, 2014/06/19 08:44:58]

No. The '#' is a gen-delim, so we don't escape it. You can't have more than one
"#" in a URI.

+  // Colon in host implies port and port may not be empty.
+  checkInvalid("s://:/");
+  // @ not allowed in scheme.
+  checkInvalid("s@://x:9/x?x#x");
+}
+
+void testNormalization() {
+  // The Uri constructor and the Uri.parse function performs RFC-3986
+  // syntax based normalization.
+
+  var uri;
+
+  // Scheme: Only case normalization. Schemes cannot contain escapes.
+  uri = Uri.parse("A:");
+  Expect.equals("a", uri.scheme);
+  uri = Uri.parse("Z:");
+  Expect.equals("z", uri.scheme);
+  uri = Uri.parse("$SCHEMECHAR:");
+  Expect.equals(SCHEMECHAR.toLowerCase(), uri.scheme);
+
+  // Percent escape normalization.
+  // Escapes of unreserved characters are converted to the character,
+  // subject to case normalization in reg-name.
+  for (var i = 0; i < UNRESERVED.length; i++) {
+    var char = UNRESERVED[i];
+    var escape = "%" + char.codeUnitAt(0).toRadixString(16);  // all > 0xf.
+
+    uri = Uri.parse("s://xX${escape}xX@yY${escape}yY/zZ${escape}zZ"
+                    "?vV${escape}vV#wW${escape}wW");
+    Expect.equals("xX${char}xX", uri.userInfo);
+    Expect.equals("yY${char}yY".toLowerCase(), uri.host);
+    Expect.equals("/zZ${char}zZ", uri.path);
+    Expect.equals("vV${char}vV", uri.query);
+    Expect.equals("wW${char}wW", uri.fragment);
+  }
+
+  // Escapes of reserved characters are kept, but upper-cased.
+  for (var escape in ["%00", "%1f", "%7F", "%fF"]) {
+    uri = Uri.parse("s://xX${escape}xX@yY${escape}yY/zZ${escape}zZ"
+                    "?vV${escape}vV#wW${escape}wW");
+    var normalizedEscape = escape.toUpperCase();
+    Expect.equals("xX${normalizedEscape}xX", uri.userInfo);
+    Expect.equals("yy${normalizedEscape}yy", uri.host);
+    Expect.equals("/zZ${normalizedEscape}zZ", uri.path);
+    Expect.equals("vV${normalizedEscape}vV", uri.query);
+    Expect.equals("wW${normalizedEscape}wW", uri.fragment);
+  }
+
+  // Some host normalization edge cases.
+  uri = Uri.parse("x://x%61X%41x%41X%61x/");
+  Expect.equals("xaxaxaxax", uri.host);
+
+  uri = Uri.parse("x://Xxxxxxxx/");
+  Expect.equals("xxxxxxxx", uri.host);
+
+  uri = Uri.parse("x://xxxxxxxX/");
+  Expect.equals("xxxxxxxx", uri.host);
+
+  uri = Uri.parse("x://xxxxxxxx%61/");
+  Expect.equals("xxxxxxxxa", uri.host);
+
+  uri = Uri.parse("x://%61xxxxxxxx/");
+  Expect.equals("axxxxxxxx", uri.host);
+
+  uri = Uri.parse("x://X/");
+  Expect.equals("x", uri.host);
+
+  uri = Uri.parse("x://%61/");
+  Expect.equals("a", uri.host);
+}
+
 main() {
   testUri("http:", true);
   testUri("file://", true);
   testUri("file", false);
   testUri("http://user@example.com:8080/fisk?query=89&hest=silas", true);
   testUri("http://user@example.com:8080/fisk?query=89&hest=silas#fragment",
           false);
   Expect.stringEquals("http://user@example.com/a/b/c?query#fragment",
                       new Uri(
                           scheme: "http",
@@ skipping 118 matching lines @@
   testEncodeDecodeComponent(s, "%F0%90%80%80");
   testEncodeDecodeQueryComponent("A + B", "A+%2B+B", "A+%2B+B", "A+%2B+B");
   testEncodeDecodeQueryComponent(
       "æ ø å", "%C3%A6+%C3%B8+%C3%A5", "%E6+%F8+%E5", null);
 
   // Invalid URI - : and @ is swapped, port ("host") should be numeric.
   Expect.throws(
       () => Uri.parse("file://user@password:host/path"),
       (e) => e is FormatException);
 }
+
+String dump(Uri uri) {
+  return "URI: $uri\n"
+      "  Scheme:    ${uri.scheme} #${uri.scheme.length}\n"
+      "  User-info: ${uri.userInfo} #${uri.userInfo.length}\n"
+      "  Host:      ${uri.host} #${uri.host.length}\n"
+      "  Port:      ${uri.port}\n"
+      "  Path:      ${uri.path} #${uri.path.length}\n"
+      "  Query:     ${uri.query} #${uri.query.length}\n"
+      "  Fragment:  ${uri.fragment} #${uri.fragment.length}\n";
+}