Prevent user from entering URL in form

Question

I have an ASP.Net Core 3.0 web application, where I have a form with several input fields. The input fields are bound to a model and they have some validation already. However, in one of the fields I want to restrict the user to enter URL addresses or even email addresses (but the URLs are more important at the moment).

My idea is the following: After the form is submitted on the server side to check the text in that field and if that text contains some URL, to remove it or invalidate it (add some spaces for example). My goal is since the users inputs will be later displayed in the web site, to restrict any URLs to be active or displayed at all, so if another user is checking that input, to not be tricked into clicking on some malicious web site links.

My question is: Do we already have a mechanism on .Net Core 3 (or previous version) that automatically checks for URLs in the user input and either removes them, invalidates them or gives a validation error? I was going to code the whole logic myself but if this is done already (in .Net Core or some other Open Source Library) it would be better and would save me some effort.

I also wonder if there are some custom validators or even basic .Net validators that are doing this. I am fine to have the validation on the server side only, but if by any chance we have a client-side validation for this, it would be even better.

SO far I don't have any specific code to show. I am interested in the general case so if it helps you, you can imagine a normal CRUD form (from those that are generated by VS).

Any help is appreciated.

Best Regards, Ahmed

== EDIT == Probably I was not clear enough. I am interested to see if a text, entered by a user contains one or several URLs in it or not. If there is any URL in that text to either remove it, somehow invalidate it or give a validation error. So if the user enters this text:

"Here you can find some crazy deals - http://crazydeals.com/notsocrazydeals and you can buy some high quality toys"

To be either turned to this:

"Here you can find some crazy deals - and you can buy some high quality toys"

or this

"Here you can find some crazy deals - h t t p : / / c r a z y d e a l s . c o m / n o t s o c r a z y d e a l s and you can buy some high quality toys"

Derrick · Accepted Answer

Regex is the best way to solve this, perhaps using "https?:.*(?=\s)" This code will remove all url's from a string:

Regex regx = new Regex("https?:.*(?=\s)", RegexOptions.IgnoreCase);

MatchCollection matches = regx.Matches(txt);

foreach (Match match in matches) {
    txt = txt.Replace(match.Value, "");

You can also use a RegularExpressionAttribute to invalidate a model input based on a pattern. Such an attribute will invalidate on both client side and server side.

public class TestModel
{
    [RegularExpression(@"^((?!(https?:.*(?=\s))).)*$", ErrorMessage = "URL's are not allowed.")]
    public string Text { get; set; }
}

Here's a Test of the RegularExpressionAttribute:

[TestMethod]
public void TestNotUrl()
{
    var modelFail = new TestModel { Text = "Here you can find some crazy deals - http://crazydeals.com/notsocrazydeals and you can buy some high quality toys" };
    var modelPass = new TestModel { Text = "Here you can find some crazy deals - crazydeals.com and you can buy some high quality toys" };

    var result = new List();
    var context = new ValidationContext(modelFail) { MemberName = "Text" };
    var expectNotValid = System.ComponentModel.DataAnnotations.Validator.TryValidateProperty(modelFail.Text, context, result);
    var expectValid = System.ComponentModel.DataAnnotations.Validator.TryValidateProperty(modelPass.Text, context, result);

    Assert.IsFalse(expectNotValid, "Expected modelFail.Text not to validate, as it contains a URL.");
    Assert.IsTrue(expectValid, "Expected modelPass.Text to validate, as it does not contain a URL.");
}

Prevent user from entering URL in form

Answers (2)

Related Questions