
You haven't done URL validation properly, you are checking if there's "https:" anywhere?


Hi KomoD, why do you think I am not doing URL validation properly? Can you give an example?

Yes, the validation checks if the protocol is http or https.


because I can add "https:testhello" and it turns into "https://keepthis.site/testhello"

and I can also add "eresrsefhttps:sadasdsdfjdfhgkfjd", and "https:/"

hope this clarifies


You are right KomoD, "https:testhello" passes the validation.

The app is in Ruby, I am using "URI::DEFAULT_PARSER.make_regexp(%w[http https])" for generating the regex validation, which generates this monstrosity: https://gist.github.com/ceritium/08b34277fd252a2fa7db1f16bec...

I didn't mind being pretty strict regarding the URL validation; I don't even care too much about the fact of allowing "https:testhello", but I don't like that Chrome, Safari, and maybe others are opening <a href="https:testhello"> link </a> as "https://keepthis.site/https:testhello" but Firefox opens it as a new URL without "https://keepthis.site" which is the behavior I would expect.

I am going to re-implement the validation with simpler rules. Many thanks for your feedback.


Wow, yeah that is a monstrosity to say the least, anyway no problem.
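An added example, not code from the thread or from the app it discusses: the unanchored pattern named above run beside a parse-based check over the inputs quoted in the thread. The names `loose_match?` and `strict_http_url?` are hypothetical, and requiring a non-empty host is an assumption about what stricter rules could look like, not the author's re-implementation.

```ruby
require "uri"

# The pattern named in the thread. It is unanchored, so it matches when an
# http(s) URI-like substring appears anywhere in the input, and it also
# accepts the "scheme:opaque" form that has no "//host" part.
LOOSE_PATTERN = URI::DEFAULT_PARSER.make_regexp(%w[http https])

def loose_match?(input)
  LOOSE_PATTERN.match?(input.to_s)
end

ALLOWED_SCHEMES = %w[http https].freeze

# Hypothetical stricter check: parse the whole string, then require an
# allowed scheme and a non-empty host. "https:testhello" parses as a URI
# with no host, which is why some browsers resolve it like a relative link.
def strict_http_url?(input)
  uri = URI.parse(input.to_s)
  return false unless ALLOWED_SCHEMES.include?(uri.scheme.to_s.downcase)
  return false if uri.host.nil? || uri.host.empty?
  true
rescue URI::InvalidURIError
  false
end

# Constructed sample set: the three inputs quoted in the thread plus
# a well-formed URL and a non-http scheme for contrast.
SAMPLES = [
  "https:testhello",
  "eresrsefhttps:sadasdsdfjdfhgkfjd",
  "https:/",
  "https://example.com/page",
  "ftp://example.com/file"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    printf("%-36s loose=%-5s strict=%s\n", s.inspect, loose_match?(s), strict_http_url?(s))
  end
end
```

When the pattern is kept, wrapping it as `/\A#{LOOSE_PATTERN}\z/` stops the match-anywhere case, but the host check is still needed to reject `https:testhello`.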



