Regex Expression for a URL Whitelist

Question

This has been driving me crazy.

I need to construct a single regex expression of a whitelist of urls to allow my site to link to. They should be of the form:

*.microsoft.com/*

So the following urls are valid:

http://digital.microsoft.com/audio/somefile.wmv
http://sharepoint.microsoft.com/pages/p1

And the following invalid:

http://badsite.microsoft.com.me
http://www.microsoft.com.me/runthis

I need a regex expression which will allow valid microsoft sites to be linked to, but block malicious sites which my submit links with the words microsoft.com in them.

Any help is appreciated!

UPDATE

Based on the answer by @ruakh, I was able to tweak the expression to match my scenario: I will mark his post as the answer.

Expression: ^([a-z|A-Z])+?://([^/]+[.])?(microsoft[.]com|MICROSOFT[.]COM)?(/.*)?$

This expression correctly matches the following:

• http://test.microsoft.com/?page=1 http://msevents.microsoft.com
• https://myevents.microsoft.com/somesubsite/Event.aspx?EventID=56456&Culture=en-US
• mms://digital.microsoft.com/456/videos/23800_str.wmv
• http://go.microsoft.com/?linkid=9775098
• http://GO.MICROSOFT.COM/?linkid=9775098

And correctly does not match the following:

• http://me.microsoft.com.au
• http://microsoft.com.mysite.com
• http://microsoft.com.mysite.com/blah
• mms://microsoft.com.mysite.com

Answer 1

A bit more sophisticated regex: ^([a-z|A-Z])+?://([^/?#]+[.])?(microsoft[.]com|MICROSOFT[.]COM)?(/.*)?$

if you also don't want to match:

http://go.something.com?go.microsoft.com
http://go.something.com?param=go.microsoft.com
http://go.something.com#go.microsoft.com

Answer 2

I think it would be better to use a URL-parsing library, but since you say you need "a single regex expression" (emphasis mine), I take it that, for some externally-driven reason, you really need to do this in a regex? In that case, I'd probably write something like:

^(https?|mms)://([^/]+[.])?(?i:microsoft[.]com)(/.*)?$