Do I need to do anything to a Href link? Like Encoding it or so

Asked Sep 19 '19 at 20:33

Active Sep 19 '19 at 20:46

Viewed 257 times

I have a question, if I have <a href="userInputLink" </a> what do I need to do to the users input? I tried encoding it but then it won't work as a link.

Basically, user types some text inside a textbox and he may paste links in there too, I have a regular expression that catches user links and puts them into a href. Is this enough validation? Do I need to encode and escape characters? If yes then how? I used encodeURI and encodeURIComponent but they broke my link since you cant put that in href.

For example: User puts a message like "hey, click on this link: "https://www.youtube.com" and this link too "www.google.com" and the links get taken out from a string and put into href. Just like in any messenger where you put a link in-between a message you can click it when you send it to a different user. So do I need to encode it for security?

Here is what I have so far

edited Sep 19 '19 at 20:46

Julian

1,592
1
13
33

asked Sep 19 '19 at 20:33

Master Chiff

Please post your actual code, not an image. – haldo Sep 19 '19 at 20:40
https://stackoverflow.com/a/40144504/2444210 Use this package to validate the URL, and reject it if it's invalid. If it's valid, use it as-is. – IceMetalPunk Sep 19 '19 at 21:15

Do I need to do anything to a Href link? Like Encoding it or so

0 Answers0