architecture icon indicating copy to clipboard operation
architecture copied to clipboard
verified publisher icon magento

Introduction of url route validator Magento\Framework\Url\RouteValidator

Open cpartica opened this issue 6 years ago • 3 comments

Problem

Validating a url route in M2 is not currently possible. The problem occurred during Domain Whitelist for Configurable 3rd Party Redirects. We just don't have a service class to validate paths, for code re-usage, with that can be injected in all resolvers or classes that need this validator such as PayPal Express and others.

path:"some/path" //validated path

//returns
{
 path: "http://magento.com/some/path"
}

Solution

As this validator doesn't have anything to do with GraphQl, the best place for it is to add a new validator in framework similar to existing \Magento\Framework\Url\Validator. So this new class in framework will need approval.

Looking at the implementation of the \Magento\Framework\Url\Validator it's based on \Zend_Validate_Abstract so it complies with our standard of not using native php functions such as parse parse_url. Nor we would want to use regex.

Requested Reviewers

@melnikovi

cpartica avatar Jul 30 '19 19:07 cpartica

CLA assistant check
All committers have signed the CLA.

magento-cicd2 avatar Jul 30 '19 19:07 magento-cicd2

Can you add rules for valid route?

kandy avatar Jul 31 '19 15:07 kandy

@cpartica Also please make sure the validator rejects path starting with javascript:/data: etc. since 1. they are not useable as redirects. 2. Potentially these URLs maybe used in templates/email templates

AlexMaxHorkun avatar Jul 31 '19 15:07 AlexMaxHorkun