-
Notifications
You must be signed in to change notification settings - Fork 17.5k
-
Notifications
You must be signed in to change notification settings - Fork 17.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/url: parsing URLs with port > 65536 should fail #69443
Comments
The existing implementation does not validate that the port number is in the allowed range. WHATWG URL Living Standard mandates that parsing URLs with invalid ports fails: https://url.spec.whatwg.org/#port-out-of-range Fixes golang#69443.
Change https://go.dev/cl/613035 mentions this issue: |
The net/url package tries to follow RFC 3986, which does not impose any limit on the port number. In particular net/url works for schemes other than http, and there is no requirement that it based on TCP. Admittedly in practice it is based on TCP, so this may be splitting hairs. But I'm concerned that adding this kind of check will break existing working code. Naturally actually attempting to use an HTTP URL with a large port will fail with an error like I'm not really opposed to making this kind of change, I just want to raise the opposing viewpoint. |
I recall a bit the frustration that occurred when we introduced ports needing to be strictly decimal. There were a few libraries (particularly MySQL’s driver) that broke because their DSNs were using |
Go version
go version go1.22.0 darwin/arm64
Output of
go env
in your module/workspace:What did you do?
url.Parse("https://example.org:70000")
What did you see happen?
Parsing succeeds, and no error is returned.
What did you expect to see?
Per the WHATWG Living Standard (and, if I'm not mistaken, internet RFCs), parsing should fail because the port is out of range: https://url.spec.whatwg.org/#port-out-of-range
The text was updated successfully, but these errors were encountered: