-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filter out invalid characters server side #4
Comments
We're going to need a little more than just alphanumeric characters and a This post (which is based on the URI spec) lists a lot more: https://stackoverflow.com/questions/1547899/which-characters-make-a-url-invalid/1547940#1547940
All of these are valid URI characters. |
Side note: what with top level domains?
|
@bbashy that's perfect, no? protected function sanitizeInput(string $input = ''): string
{
$input = str_replace(['http://', 'https://'], '', $input);
$input = parse_url("http://{$input}", PHP_URL_HOST);
return strtolower($input);
} |
@brendt Yeah something like that is fine apart from you need to remove http(s):// since |
Not like #9 |
@bbashy |
Also @willemvb |
Ah yeah, of course! |
@willemvb I was wrong about To be complete:
So these three exceptions should be handled before |
Fixed in #9 |
Only alphanumeric characters and a
.
should be accepted. Let's just filter those out.The text was updated successfully, but these errors were encountered: