More validation of URL charaters in XHTML ```a``` and ```img```

org.hl7.fhir.utilities/src/main/java/org/hl7/fhir/utilities/i18n/I18nConstants.java

@@ -225,6 +225,7 @@ public class I18nConstants {
   public final static String XHTML_XHTML_ELEMENT_ILLEGAL = "XHTML_XHTML_Element_Illegal";
   public final static String XHTML_XHTML_NAME_INVALID = "XHTML_XHTML_Name_Invalid";
   public final static String XHTML_XHTML_NS_INVALID = "XHTML_XHTML_NS_InValid";
+  public final static String XHTML_URL_INVALID = "XHTML_URL_INVALID";
   public final static String _DT_FIXED_WRONG = "_DT_Fixed_Wrong";
   public final static String ALL_OBSERVATIONS_SHOULD_HAVE_AN_EFFECTIVEDATETIME_OR_AN_EFFECTIVEPERIOD = "All_observations_should_have_an_effectiveDateTime_or_an_effectivePeriod";
   public final static String ALL_OBSERVATIONS_SHOULD_HAVE_A_PERFORMER = "All_observations_should_have_a_performer";

org.hl7.fhir.utilities/src/main/resources/Messages.properties

@@ -431,3 +431,4 @@ documentmsg = (document)
 xml_attr_value_invalid = The XML Attribute {0} has an illegal character
 xml_encoding_invalid = The XML encoding is invalid (must be UTF-8)
 xml_stated_encoding_invalid = The XML encoding stated in the header is invalid (must be "UTF-8" if stated)
+XHTML_URL_INVALID = The URL {0} is not valid

org.hl7.fhir.validation/src/main/java/org/hl7/fhir/validation/instance/InstanceValidator.java

@@ -26,6 +26,7 @@ import static org.apache.commons.lang3.StringUtils.isNotBlank;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Collection;
@@ -1950,6 +1951,7 @@ public class InstanceValidator extends BaseValidator implements IResourceValidat
         rule(errors, IssueType.INVALID, e.line(), e.col(), path, "div".equals(xhtml.getName()), I18nConstants.XHTML_XHTML_NAME_INVALID, ns);
         // check that no illegal elements and attributes have been used
         checkInnerNames(errors, e, path, xhtml.getChildNodes());
+        checkUrls(errors, e, path, xhtml.getChildNodes());
       }
     }
 
@@ -1998,6 +2000,35 @@ public class InstanceValidator extends BaseValidator implements IResourceValidat
     }
   }
 
+  private void checkUrls(List<ValidationMessage> errors, Element e, String path, List<XhtmlNode> list) {
+    for (XhtmlNode node : list) {
+      if (node.getNodeType() == NodeType.Element) {
+        if ("a".equals(node.getName())) {
+          rule(errors, IssueType.INVALID, e.line(), e.col(), path, isValidUrl(node.getAttribute("href")), I18nConstants.XHTML_URL_INVALID, node.getAttribute("href"));
+        } else if ("img".equals(node.getName())) {
+          rule(errors, IssueType.INVALID, e.line(), e.col(), path, isValidUrl(node.getAttribute("src")), I18nConstants.XHTML_URL_INVALID, node.getAttribute("src"));
+        }
+        checkUrls(errors, e, path, node.getChildNodes());
+      }
+    }
+  }
+
+  private boolean isValidUrl(String value) {
+    if (value == null) {
+      return true;
+    }
+    try {
+      for (char ch : value.toCharArray()) {
+        if (!(Character.isDigit(ch) || Character.isAlphabetic(ch) || Utilities.existsInList(ch, ';', '?', ':', '@', '&', '=', '+', '$', '.', ',', '/', '%'))) {
+          return false;
+        }
+      }
+      return true;
+    } catch (Exception e) {
+      return false;
+    }
+  }
+
   private void checkInnerNS(List<ValidationMessage> errors, Element e, String path, List<XhtmlNode> list) {
     for (XhtmlNode node : list) {
       if (node.getNodeType() == NodeType.Element) {

pom.xml

@@ -17,7 +17,7 @@
 
     <properties>
         <hapi_fhir_version>4.2.0</hapi_fhir_version>
-        <validator_test_case_version>1.1.0-SNAPSHOT</validator_test_case_version>
+        <validator_test_case_version>1.1.1-SNAPSHOT</validator_test_case_version>
     </properties>
 
     <artifactId>org.hl7.fhir.core</artifactId>