Page 1 of 1
Characters to exclude from a URL submission
Posted: Sat Oct 12, 2002 7:13 pm
by Jay
i am preparing a regular expression pattern to
exclude the following characters in submitted URLS, please feel free to add to this list?
Code: Select all
var $chars = '\r\n \t\x0B<>''"\\]\\ї'; // characters to exclude in URLs
Thank you.
Posted: Sat Oct 12, 2002 9:31 pm
by rev
Posted: Sun Oct 13, 2002 2:56 am
by Takuma
You won't be able to use <, > etc. in URL anyway, it's gets encoded...
Posted: Sun Oct 13, 2002 12:41 pm
by hob_goblin
No, he's talking about something like an input in a form
Because i could easily just input:
Code: Select all
http://somesite.com/">okay</a><script><!-- bad script here -->
But heres how i'd do it.
Code: Select all
if(!preg_match('(http://ї-a-zA-Z0-9@:%_\+.~#?&//=]+)', $string)){
die('Invalid input');
}