Adjusting widget validation in EPiServer 7.19

D e v e l o p m e n t , E p i s e r v e r
Sven-Erik Jonsson 11.12.2015 01:13:04

If an external url is entered containing a '?' the url is immediately disqualified. Since this is kind of core functionality, I felt the urge to correct it.

The problem

Part of the dojo toolkit included in the EPiServer.Shell.UI module is a validation framework located under /ClientResources/dojox/validate. This functionality is used by various widgets inside EPi for validating input. The regexp.js contains an url method that builds a regular expression.

url: function (flags) {
    // summary:
    //		Builds a regular expression that matches a URL
    // flags: Object?
    //		- flags.scheme  Can be true, false, or [true, false].
    //		-   This means: required, not allowed, or match either one.
    //		- flags in regexp.host can be applied.
    //		- flags in regexp.ipAddress can be applied.

    // assign default values to missing paramters
    flags = (typeof flags == "object") ? flags : {};
    if (!("scheme" in flags)) { flags.scheme = [true, false]; }

    // Scheme RE
    var protocolRE = regexp.buildGroupRE(flags.scheme,
        function (q) { if (q) { return "(https?|ftps?)\\://"; } return ""; }
    );

    // Path and query and anchor RE
    var pathRE = "(/(?:[^?#\\s/]+/)*(?:[^?#\\s/]+(?:\\?[^?#\\s/]*)?(?:#[A-Za-z][\\w.:-]*)?)?)?";

    return protocolRE + dxregexp.host(flags) + pathRE;
}

If you look closely the pathRE variable defines a part of the regular expression excluding '?' at the start. This is also addressed as a defect and discussed on the dojo bug list.

The solution

As a part of an earlier blog post by Mattias Olsson he describes how to override a frontend component. It turns out you can override dojo core components too.

First, locate the .uncompressed.js version of regex. Place it under the /ClientResources/ folder, preferably replicating the /dojox/validate/regexp.js path found in EPiServer.Shell.UI.zip

Correct the pathRE expression, I used the corrected one from the dojo ticket.

// Path and query and anchor RE
var pathRE = "(/(?:)*?([^\\s/])([^?#\\s/]+/)*(?:[^?#\\s/]+(?:\\?[^?#\\s/]*)?(?:#[A-Za-z][\\w.:-]*)?)?)?";

Add the script to module.config, empty the browser cache and recycle the site.

<module>
  <clientResources>
    <add name="epi-cms.widgets.base" path="dojox/validate/regexp.js" resourceType="Script" />
   </clientResources>
</module>

Alternatively not having clientresources mapped, the path may have to be replaced with "~/ClientResources/dojox/validate/regexp.js"

Edit

After some testing we found out that the solution in the dojo ticket wasn't good enough, we ended up using this instead.

// Path and query and anchor RE
var pathRE = "(/(?:)*?([^\\s/])([^\\s/]+/)*(?:[^\\s/]+(?:\\?[^?#\\s/]*)?(?:#[A-Za-z][\\w.:-]*)?)?)?";