0

According MDN Web docs, the Host HTTP header has syntax

<host>:<port>

where the port is optional. If it is all of the requirements, the checker will be just

^(?:\w+(?::\d+)?$)|(?:(\w+\.)+\w+(?::\d+)?)$

First alternative of the regular expression covers first two below cases, and the second alternative covers last two cases:

asdf
asdf:12333
asdf.asdf:123
asdf.asdf.asdf:123

Regular expression fiddle

But did not I missed something? For example, the port number could not be arbitrary large or 00001... Or the host part could include some special characters like n-dashes... Or maybe it could not be checked just by regular expression?

Takeshi Tokugawa YD
  • 670
  • 5
  • 40
  • 124
  • See [regexp for numeric range](https://stackoverflow.com/questions/22130429/using-regular-expressions-to-validate-a-numeric-range) – Barmar Dec 15 '21 at 04:12
  • 1
    Leading zeroes are allowed. – Barmar Dec 15 '21 at 04:14
  • 1
    `\w` match `_`, which isn't allowed in hostnames. It doesn't include `-`, which is allowed. – Barmar Dec 15 '21 at 04:15
  • 3
    Why do you need to validate it syntactically? All that really matters is if it matches one of your virtual hosts. If it doesn't match, what difference does it make whether the syntax is correct or not? – Barmar Dec 15 '21 at 04:17
  • 1
    Your pattern can be shortened to `^\w+(?:\.\w+)*(?::\d+)?$` You could broaden the range of the word characters like `^[^\s.]*(?:\.[^\s.]*)*(?::\d+)?$` and then for the digit part create a specific range of allowed numbers. – The fourth bird Dec 15 '21 at 07:30
  • @Barmar, thank you for the comments. "Why do you need to validate it syntactically?" - maybe I don't need. If it does not require for the (development of) secure framework, I don't need to check is statically. – Takeshi Tokugawa YD Dec 16 '21 at 06:08

0 Answers0