uri-template validator rejects valid RFC6570 operators and accepts invalid prefix modifiers #22
Description
Description
While reviewing the uri-template format validator, I noticed several cases where the current implementation appears inconsistent with RFC 6570 syntax.
The validator in:
src/rfc6570.js
builds a regex grammar that currently defines:
operator = (?:[+#]|[./;?&][=,!@|])
maxLength = (?:[1-9]|\d{0,3})
According to RFC 6570 Section 2, the grammar should be:
operator = op-level2 / op-level3 / op-reserve
max-length = %x31-39 0*3DIGIT
Implications:
-
Operators are single characters (
+ # . / ; ? &etc.) -
Prefix modifiers must be 1–9999, without leading zeros
However the current implementation:
-
rejects valid Level-3 operators
-
accepts invalid two-character operators
-
allows empty or zero prefix modifiers
-
rejects valid four-digit prefixes
Reproduction
Observed behavior with current main (aef70f7, npm 1.0.1):
Minimal reproduction:
import { isUriTemplate } from "@hyperjump/json-schema-formats";
isUriTemplate("{/var}") // false
isUriTemplate("{.=var}") // true
isUriTemplate("{var:}") // true
isUriTemplate("{var:9999}") // false
Cause
The regex fragments produce:
-
Level-3 operators interpreted as two-character tokens
-
Prefix modifier grammar allowing empty or zero values
-
Prefix modifier limited to ≤3 digits
These behaviors follow directly from the current regex construction.
Possible Fix
In src/rfc6570.js:
const operator = `(?:${opLevel2}|${opLevel3}|${opReserve})`;
const maxLength = `[1-9]\\d{0,3}`;
This aligns with RFC 6570:
-
operators are single-character
-
prefix modifiers are 1–9999
Notes
This does not appear to be a subset implementation: the regex already includes Level-3 and Level-4 constructs but parses them incorrectly.
Test coverage for uri-template in the JSON Schema Test Suite is minimal and does not currently include these cases.
Environment
@hyperjump/json-schema-formats 1.0.1
commit aef70f7
Node.js 20
Sources
RFC 6570 Section 2
https://www.rfc-editor.org/rfc/rfc6570.html