Properly validating a link?
Posted: Fri Feb 27, 2009 1:48 pm
Currently, I'm using this to validate user submitted links:
But I'm not confident that after this simple check, that the link is safe to echo out in the page in this manner:
Doesnt that open it up to XSS and invalid links?
Code: Select all
function validLink($link) {
if(preg_match("/http:\/\//", $link)) {
return true;
} else {
return false;
}
}
Code: Select all
echo"<a href='$link'>Click here</a>";