New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URL Validator does not work with Protocol-relative URLs #59

Open

cstdenis opened this issue Jul 5, 2015 · 1 comment

cstdenis commented Jul 5, 2015

Somewhat related to #40

Links and images can not be used with Protocol-relative URLs because FILTER_VALIDATE_URL is too strict.

"JavaScript:alert()" style URLs also will not work for this reason, tho that is probably for the best for safety reasons.

Author

cstdenis commented Jul 5, 2015

Simple, somewhat hacky, workaround to the issue. Not certain if it's safe, but can't see any case where it could allow anything malicious.

    public function validate($input)
    {
        $valid = filter_var($input, FILTER_VALIDATE_URL);

+      // Simple workaround for protocol relative urls.
+      // If sticking a protocol on the front makes it valid, assume it's valid
+      if(!$valid)
+          $valid = filter_var('http:'.$input, FILTER_VALIDATE_URL);

        return !!$valid;
    }

cstdenis closed this as completed

cstdenis reopened this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment