Forbid very strictly any kind of URL in user review

Question

I am programming a website, where users can write reviews. However the user shall not be allowed to insert any kind of link or url advertisment to another page. I tested many cases like

Hey, also check out my page on www . mywebsit . com

Hey, also check out my page on http://abcdMywebsite.com

with the following regex :

jQuery.validator.addMethod("stringHasUrl", function(val, elem) {
        var regex = new RegExp("(http|https|ftp|ftps|www|href)","i");
        if(regex.test(val)){
            return false;
        }else{
            return true;
        }    
}, "");

It basically works. But I am not sure if I am missing anything. Are there other pattern, that I should add?

Thanks!

Don't underestimate the users' ability to bypass such filters. That's a [clbuttic](http://blog.codinghorror.com/obscenity-filters-bad-idea-or-incredibly-intercoursing-bad-idea/) mistake :-) — Lucas Trzesniewski, Nov 19 '15 at 10:31
hm true. But I guess this is impossible to avoid that isn't it? Because the user could write something like "today it was a nice day.at the museum we saw ... " day.at could also be a url from Austria if he wrote "hi come to my page day.at please" — S. F., Nov 19 '15 at 10:37
You could modify [this URL regex](http://stackoverflow.com/questions/2894902/check-for-a-valid-domain-name-in-a-string), or something like it, to also detect the most common attempts at *hiding* an URL, and combine it with [this "JS ping"](http://stackoverflow.com/questions/4282151/is-it-possible-to-ping-a-server-from-javascript), to determine if there's a real web site behind it. **Note!** You'll have to consider that this will have a huge impact on performance. — SamWhan, Nov 19 '15 at 11:17
If I were to put my two cents in, I would not put more effort in as you are already doing. You will never have a 100% working solution (what about "visit my page at **monster dot com** ?") The only secure way would be to moderate the comments. — Jan, Nov 19 '15 at 12:46
@Jan, thanks for your two cents :) Yes I am also afraid of false detections which would annoy the user. Think I will add a report button if the owner of the particular page sees a link e.g. to his competitor. Then the admins can edit it. — S. F., Nov 19 '15 at 13:04

Forbid very strictly any kind of URL in user review

0 Answers0