Handling of "External Link" URLs with Non-ASCII Characters

Studio’s URL validator (class UrlValidator) has been extended to optionally reject non-ASCII characters in URLs for External Link documents. For this, a new property url-validator.strict has been introduced. If set to true, the URL validator will report URLs with special characters (non-ASCII) as invalid. Example: https://www.coremedia.com/über-uns. Default is true so that the new validation is active. You may need to replace invalid URLs with their ASCII-encoded representation.

Class UrlValidator received an additional constructor parameter strict for encoding validation.

A new public class UriUtil contains method #sanitize(String) which performs the encoding. This is used for both validation and encoding for delivery (see next paragraph).

Your sites can be configured to sanitize special characters (non-ASCII) in URLs from External Link documents for delivery by the CAE. For this, a new boolean content setting sanitize-external-links has been introduced. If set to true, non-ASCII characters in External Link URLs will be properly encoded. Examples: a URL entered as https://www.coremedia.com/über-uns in Studio will be rendered as https://www.coremedia.com/%C3%BCber-uns (percent-encoding). A URL entered as https://www.münchen.de will be rendered as https://www.mnchen-3ya.de (punycode encoding for International Domain Names). Default is false so that no change to existing delivery is active. To activate, add boolean content setting sanitize-external-links to the settings of your sites’ root pages in Studio and tick the check box on each.

Note that while http(s) URLs will be properly encoded according to general rules (punycode for domain, percent-encoding for all other parts), other schemes (like mailto) may not be handled properly and need to be encoded manually before entering them in Studio.

The Headless Server does not support this sanitization and will deliver External Link URLs as-is like before.

(CMS-25642)