Validating a valid URL

From: Shabam (blislecp_at_hotmail.com)
Date: 09/29/04

• Next message: Aaron [SQL Server MVP]: "Re: SQL Injection Prevention"
• Previous message: Shabam: "Re: SQL Injection Prevention"
• Next in thread: Cor Ligthert: "Re: Validating a valid URL"
• Reply: Cor Ligthert: "Re: Validating a valid URL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 29 Sep 2004 04:38:45 -0700

Is there a function that validates if a URL is valid or not? Basically I'm
trying to filter out bogus input, and things like cross site scripting
attacks.

Example:
<img src="javascript:alert(document.cookie)">

Doing it by regex seems way too complicated and there could be holes in the
logic if something is missed.

---

• Next message: Aaron [SQL Server MVP]: "Re: SQL Injection Prevention"
• Previous message: Shabam: "Re: SQL Injection Prevention"
• Next in thread: Cor Ligthert: "Re: Validating a valid URL"
• Reply: Cor Ligthert: "Re: Validating a valid URL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Validating a valid URL ... Is there a function that validates if a URL is valid or not? ... trying to filter out bogus input, and things like cross site scripting ... (microsoft.public.dotnet.general) RE: Cross site scripting in almost every mayor website ... yahoo tries to filter them out even if they appear inside the <xml> ... Cross site scripting in almost every mayor website ... You do have full access to the DOM of Hotmail ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2004-09