URI validator rejects query param square brackets

[elliotblackburn]

Context

• node version: 9.7.1
• joi version: 11.4.0
• environment (node, browser): node
• used with (hapi, standalone, ...): standalone
• any other relevant information:

What I am trying to achieve

I am working on a service which consumes URL's from potentially any web site / web app / web service. We have recently come across a URL which makes use of square brackets in the query param of the URI (after the question mark). For example:

https://example.com?abc[]=123&abc[]=456

According to RFC 3986 the URI producer should be precent encoding square brackets in the query params. After searching around I came across this break down of the RFC and how it applies in this situation. After reading through the RFC it would seem that while it is not to standard to produce these URI's, the standard suggests that these URI's should still be accepted.

RFC 3986 - Section 2.2. Reserved Characters

URI producing applications should percent-encode data octets that
correspond to characters in the reserved set unless these characters
are specifically allowed by the URI scheme to represent data in that
component. If a reserved character is found in a URI component and
no delimiting role is known for that character, then it must be
interpreted as representing the data octet corresponding to that
character's encoding in US-ASCII.

In our most recent instance, we found a URL using this format from a major UK ISP website (https://signup.nowtv.com/broadband/configurator/?p[]=ADSL&o[]=SAVER_OFFER).

It would seem to me that the validation should pass and accept non-encoded square brackets in a query parameter, if nothing because there are URI's in the wild which are doing this. That said, I'm sure this may generate some significant discussion and opinion.

Code to reproduce

Sample code:

const Joi = require('joi');

const schema = Joi.object().keys({
    url: Joi.string().uri()
});

const resOne = Joi.validate({url: 'https://example.com?abc[]=123&abc[]=456'}, schema);

console.log(resOne);
// => ValidationError: child "url" fails because ["url" must be a valid uri]

const resTwo = Joi.validate({url: 'https://example.com?abc=123&abc=456'}, schema);
console.log(resTwo);
// => error: null (passes validation)

[BolajiOlajide]

Can you update the variable names as resOne appears twice? @BlueHatbRit

[Marsup]

If you're up to it, feel free to submit a PR.

[BolajiOlajide]

Yes sure.

[BolajiOlajide]

Submitted a PR....

[lock]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.