On Tue, Oct 12, 2021 at 04:42:01PM -0400, Jeff King wrote:
> That may be so for hostnames in general, but URLs seem to allow it. RFC
> 3986 says:
>
> host = IP-literal / IPv4address / reg-name
> reg-name = *( unreserved / pct-encoded / sub-delims )
> unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
>
> So underscore is definitely allowed in the host portion. Our code
> complains during url_normalize(), in this code:
>
> if (allow_globs)
> spanned = strspn(url, URL_HOST_CHARS "*");
> else
> spanned = strspn(url, URL_HOST_CHARS);
>
> if (spanned < colon_ptr - url) {
> /* Host name has invalid characters */
> if (out_info) {
> out_info->url = NULL;
> out_info->err = _("invalid characters in host name");
> }
> strbuf_release(&norm);
> return NULL;
> }
>
> because earlier we define URL_HOST_CHARS without underscore:
>
> #define URL_HOST_CHARS URL_ALPHADIGIT ".-[:]" /* IPv6 literals need [:] */
>
> I'm not sure why, given that this otherwise seems to match according to
> the rfc. This code comes from 3402a8dc48 (config: add helper to
> normalize and match URLs, 2013-07-31), but there's no mention of
> underscore there. Possibly it came from earlier rules (rfc1738, for
> example, has a stricter grammar that allows only alphabit and dashes).
Sorry, I meant to cc the author of 3402a8dc48, which I've now done. It's
been a while, but maybe he remembers something (I couldn't find anything
digging in the archive, either).
-Peff
