Contrib.social

[PP-1] `LinkCollection::validKey()` does not properly validate RFC 8288 link relation types

Open on Drupal.org β†’
Created on 26 April 2023, over 1 year ago
Updated 21 May 2024, 6 months ago

Problem/Motivation

The JSON:API spec states

A link object MAY also contain any of the following members:

  • rel: a string indicating the link’s relation type. The string MUST be a valid link relation type.

The linked RFC 8288 describes a valid extension link relation type:

Applications that don't wish to register a relation type can use an
extension relation type, which is a URI [RFC3986] that uniquely
identifies the relation type.

However, LinkCollection::validKey() validates link relation types using a custom-ish(?) method which disallows colons. Colons are valid in URIs, including URNs.

Steps to reproduce

Attempt to utilize a link relation type with a colon, e.g. urn:kinksters-link:cancel.

Proposed resolution

Validate the link relation type per the ABNF in the HTTP linking RFC.

Remaining tasks

Do the thing, add test coverage for this.

User interface changes

None.

API changes

None.

Data model changes

None.

Release notes snippet

Not necessary?

πŸ› Bug report
Status

Postponed

Version

11.0 πŸ”₯

Component
JSON APIΒ  β†’

Last updated 10 days ago

Created by

πŸ‡ΊπŸ‡ΈUnited States bradjones1 Digital Nomad Life

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024