Reputation: 3184
I have an application that allows users to create notes with titles. It uses these titles as part of the URL for the note itself to make the URLs more human readable.
I'm trying to devise the best way to both sanitize the input and provide feedback to the user on what they might have put in that is illegal.
So far I am thinking that I would grab and store the input, trim it, and pass it to encodeURIComponent. I'd pass the output of that into decodeURIComponent. The result of decodeURIComponent would be diffed against the original input; if they are not the same, we have an error. The user would be alerted not to use the characters that do not match in the diff.
Anything obviously wrong with this approach? Is there a better way?
Upvotes: 0
Views: 620
Reputation: 198
This approach is good enough, but displaying the "problem areas" to the user by showing characters that do not match the diff is definitely a push for them to plan a more directed, targeted attack. Don't clearly state what is prohibited; users will find out new techniques to bypass and understand your current blacklist, and can plan a more focused attack.
Upvotes: 1
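An added example, not code from the question or the answer, that covers both posts above: it runs the round-trip check the question proposes so you can see what it actually catches, and beside it an allowlist slug that answers the "better way" question without the blacklist problem the answer raises. One caveat the question's plan runs into: for any well-formed string, `decodeURIComponent(encodeURIComponent(s)) === s`, so the diff is always empty and nothing is ever flagged; the only input that fails is an unpaired UTF-16 surrogate, which makes `encodeURIComponent` throw a `URIError`. The route shape `/notes/{id}/{slug}`, the 80-character limit and the function names are assumptions for the example, not anything the original post specifies.

```javascript
// Added example (not from the question or the answer). Runs under Node.

// 1. The check the question proposes. For any well-formed string the round
//    trip is the identity, so the "diff" is empty and nothing is rejected.
//    The one input it does catch is an unpaired surrogate, which makes
//    encodeURIComponent throw a URIError.
function roundTripCheck(title) {
  const input = title.trim();
  try {
    const decoded = decodeURIComponent(encodeURIComponent(input));
    return { ok: decoded === input, reason: decoded === input ? null : 'mismatch' };
  } catch (err) {
    if (err instanceof URIError) {
      return { ok: false, reason: 'not valid UTF-16 (unpaired surrogate)' };
    }
    throw err;
  }
}

// 2. Allowlist normalization instead of a blacklist: the output can only ever
//    contain [a-z0-9-], so there is no list of "illegal" characters to explain
//    to the user or for an attacker to probe. Accented Latin letters are folded
//    to ASCII via NFKD; anything with no ASCII decomposition (CJK, 'ß', ...) is
//    dropped, so a purely non-Latin title yields '' and the caller falls back.
//    maxLen = 80 is an arbitrary limit assumed for this example.
function slugify(title, maxLen = 80) {
  const folded = title
    .normalize('NFKD')
    .replace(/[\u0300-\u036f]/g, '') // strip the combining marks NFKD split off
    .toLowerCase();
  return folded
    .replace(/[^a-z0-9]+/g, '-')   // each run of non-allowlisted chars -> one hyphen
    .replace(/^-+|-+$/g, '')       // no leading or trailing hyphen
    .slice(0, maxLen)
    .replace(/-+$/, '');           // truncation can leave a dangling hyphen
}

// 3. Re-validate wherever a slug is consumed (route handler, file name, query),
//    because a slug arriving in a request did not necessarily come from slugify().
const SLUG_RE = /^[a-z0-9]+(?:-[a-z0-9]+)*$/;
function isValidSlug(slug, maxLen = 80) {
  return typeof slug === 'string' && slug.length <= maxLen && SLUG_RE.test(slug);
}

// 4. Assumed route shape: the numeric id is the lookup key and the slug is
//    cosmetic, so a changed or missing slug cannot resolve to a different note.
function noteUrl(id, title) {
  const slug = slugify(title) || 'note'; // fallback when nothing survives the allowlist
  return `/notes/${encodeURIComponent(String(id))}/${slug}`;
}

// 5. Feedback without a list of forbidden characters: show the URL the user
//    will actually get, and whether the title was altered to produce it.
function previewForUser(id, title) {
  return { url: noteUrl(id, title), changed: slugify(title) !== title.trim() };
}

// Constructed sample titles, including a path-traversal attempt and a string
// that is not valid UTF-16.
const samples = ['Hello, World!', 'Café & "Notes"/2024', '../../etc/passwd', '\uD800broken'];
for (const s of samples) {
  console.log(JSON.stringify(s), roundTripCheck(s), '->', previewForUser(1, s).url);
}
```

Running it shows the round-trip check passing every ordinary title, including ones full of punctuation and `<script>`, and failing only the unpaired surrogate; the slug function, by contrast, turns `../../etc/passwd` into `etc-passwd` and lets the consumer side reject anything that is not already in canonical form. Because the allowlist is the whole rule, the preview can be shown to the user freely: there is no hidden blacklist to learn from it.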