Today I learned
URL validation is super important because it checks if a URL follows a proper URL syntax and is not malicious. Nowadays URL-based vulnerabilities are very common and can be used to steal user data or redirect users to malicious websites.
Server Side Request Forgery (SSRF) is the main keyword on this topic. I won't go into too much details on this here, if you want to learn more about it, I recommend reading this definition: Server Side Request Forgery ↗ .
It's basically about attackers modifiying URLs so that they can access server data.
They suggest to use the
new URL()constructor because it's one of the easiest ways to validate URLs. It throws an error if the URL is invalid and you can access the URL's properties like
Another way to validate URLs is to use regex. Altough they advice against it, because it's not as easy to use and an error-prone approach.
The great thing about the
new URL() constructor is that is also works in Node.js and not only in the browser. So you can use it in your backend as well.
new URL() constructor here ↗ .
I hope you enjoyed this post and learned something new. If you have any questions, feel free to reach out to me on Twitter ↗ or via Email ↗.
If you want to support me, you can buy me a coffee. I would be very happy about it!☕️ Buy me a coffee ☕️
I wish you a wonderful day! Marco