Properly validating a link?

Posted: Fri Feb 27, 2009 1:48 pm
by Citizen
Currently, I'm using this to validate user submitted links:

Code:

function validLink($link) {
    if(preg_match("/http:\/\//", $link)) {
        return true;
    } else {
        return false;
    }
}
 
But I'm not confident that, after this simple check, the link is safe to echo out in the page in this manner:

Code:

echo "<a href='$link'>Click here</a>";

Doesn't that open it up to XSS and invalid links?

Re: Properly validating a link?

Posted: Fri Feb 27, 2009 1:54 pm
by mfrank410
You could use cURL to read the page content the link is supposed to point to and check to make sure you get response code 200 back.

Re: Properly validating a link?

Posted: Fri Feb 27, 2009 2:25 pm
by Citizen
Right, but what if it's not an active link? What I'm looking for is a way to just test to see if it 'looks' like a valid link and has no invalid characters. (or remove invalid characters). I don't know enough about link standards to define exactly what isn't allowed; I'm hoping someone has an existing validateLink function.
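
An added example, not code posted by anyone in this thread: one way to check that a submitted value looks like an http(s) link without fetching it, and to escape it when it is echoed into the single-quoted href shown above. The function names validate_link and render_link and the sample inputs are assumptions made up for illustration.

```php
<?php
// Hypothetical helper: returns the link if it is an absolute http(s) URL, else null.
function validate_link(string $link): ?string
{
    $link = trim($link);

    // Reject empty values and any control character or whitespace inside the URL.
    if ($link === '' || preg_match('/[\x00-\x20\x7f]/', $link)) {
        return null;
    }

    // Syntax check only; nothing is fetched, so inactive links still pass.
    if (filter_var($link, FILTER_VALIDATE_URL) === false) {
        return null;
    }

    // Allowlist the scheme by parsing it, instead of searching for "http://"
    // anywhere in the string (an unanchored match also accepts other schemes
    // that merely contain that text later on).
    $scheme = strtolower((string) parse_url($link, PHP_URL_SCHEME));
    $host   = parse_url($link, PHP_URL_HOST);
    if (!in_array($scheme, ['http', 'https'], true) || !is_string($host) || $host === '') {
        return null;
    }
    return $link;
}

// Hypothetical helper: validation decides whether to show the link,
// escaping decides how it is written into the HTML.
function render_link(string $link): string
{
    $safe = validate_link($link);
    if ($safe === null) {
        return '[invalid link]';
    }
    // ENT_QUOTES also encodes ', which is a legal URL character and would
    // otherwise end the single-quoted href attribute.
    return "<a href='" . htmlspecialchars($safe, ENT_QUOTES, 'UTF-8') . "'>Click here</a>";
}

// Constructed sample inputs.
$samples = [
    'http://example.com/page?a=1&b=2',   // ordinary link; & is encoded on output
    'javascript:void(0)//http://',       // contains "http://" but is not an http link
    "http://example.com/?q='x",          // quote inside an otherwise plausible URL
    'example.com',                       // no scheme
];
foreach ($samples as $s) {
    echo render_link($s), "\n";
}
```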