Item10561: add a Sandbox::validateUrl
Priority: Enhancement
Current State: Proposal Required
Released In: n/a
Target Release: n/a
In fact, it looks like we have no 'right way' to test for and work on URLs input by users.
sven@quad7:~/src/foswiki/core/lib$ rgrep linkProto *
Foswiki/Plugins/WysiwygPlugin/TML2HTML.pm:s/((^|(?<=[-*\s(]))$Foswiki::regex{linkProtocolPattern}:[^\s<>"]+[^\s*.,!?;:)<])/$this->_liftOut($1, 'LINK')/geo;
Foswiki/Render.pm: $text =~ s/($Foswiki::regex{linkProtocolPattern}):(?=\S)/$1<nop>:/go;
Foswiki/Render.pm: if ( $link =~ m#^($Foswiki::regex{linkProtocolPattern}:|/)# ) {
Foswiki/Render.pm: ($Foswiki::regex{linkProtocolPattern}:
Foswiki/Render.pm: \[$Foswiki::regex{linkProtocolPattern}\:
Foswiki/Macros/INCLUDE.pm:m#^($Foswiki::regex{webNameRegex}\.|$Foswiki::regex{defaultWebNameRegex}\.|$Foswiki::regex{linkProtocolPattern}:|/)#o
Foswiki/IncludeHandlers/http.pm: elsif ( $url =~ /^$Foswiki::regex{linkProtocolPattern}:/o ) {
Foswiki.pm: $regex{linkProtocolPattern} = $Foswiki::cfg{LinkProtocolPattern};
Foswiki.pm: * The target matches the linkProtocolPattern regex, and redirection
Foswiki.pm: if ( $redirecturl =~ m#^$regex{linkProtocolPattern}://#o ) {
Foswiki.pm: if ( $topic =~ m#^$regex{linkProtocolPattern}://#o
In my case, I don't just want to untaint it; I'd like to ensure that it's going to the correct TLD, and that it's not got some evil script stuff in it.
--
SvenDowideit - 29 Mar 2011
Would also be good to follow the configure settings of allowing external URLs, and maybe the list of redirect hosts. Sandbox is part of the Foswiki API - does this need a feature proposal?
--
GeorgeClark - 11 Apr 2011
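
A sketch of the kind of check the two comments above ask for (scheme, destination host, and script-like characters), added here as an illustration and not taken from Foswiki's code. The function name `validate_url`, its `protocol_pattern` and `allowed_hosts` options, and the sample hosts are hypothetical; in Foswiki the values would come from the configure settings mentioned above.

```perl
use strict;
use warnings;

# Hypothetical helper, not part of Foswiki::Sandbox.
# %opt (assumed names): protocol_pattern = regex source of permitted schemes
# (stand-in for linkProtocolPattern), allowed_hosts = arrayref of permitted domains.
sub validate_url {
    my ( $url, %opt ) = @_;
    return unless defined $url;

    # Refuse whitespace, control characters and HTML/quote metacharacters outright
    return if $url =~ /[\x00-\x20\x7f<>"'`\\]/;

    # Split into scheme, authority and the rest; anchored at both ends
    my ( $scheme, $authority, $rest ) =
      $url =~ m{\A([A-Za-z][A-Za-z0-9+.-]*)://([^/?#]*)([/?#].*)?\z}
      or return;
    return unless $scheme =~ /\A(?:$opt{protocol_pattern})\z/i;

    # No userinfo: "allowed-host@other-host" would disguise the real destination
    return if $authority =~ /@/;
    my ( $host, $port ) = $authority =~ /\A([A-Za-z0-9.-]+)(?::(\d{1,5}))?\z/
      or return;
    $host = lc $host;

    # Host must equal an allowed domain or end in ".<allowed domain>"
    my $ok = grep { $host eq $_ || $host =~ /\.\Q$_\E\z/ }
      map { lc $_ } @{ $opt{allowed_hosts} };
    return unless $ok;

    # Rebuilt only from regex captures, so the result is untainted under -T
    return lc($scheme) . '://' . $host
      . ( defined $port ? ":$port" : '' ) . ( defined $rest ? $rest : '' );
}

# Constructed sample policy and inputs for the demonstration
my %policy = ( protocol_pattern => 'https?', allowed_hosts => ['example.org'] );
for my $u (
    'http://example.org/Tasks/Item10561',
    'https://wiki.example.org:8443/view?x=1',
    'javascript:alert(1)',
    'http://example.org.attacker.test/',
    'http://example.org@attacker.test/',
    'http://example.org/"><script>',
) {
    my $clean = validate_url( $u, %policy );
    printf "%-40s %s\n", $u, defined $clean ? "ok: $clean" : 'rejected';
}
```

Only the first two sample URLs are accepted. The character filter is deliberately stricter than the URL grammar, so a caller that must accept quotes in query strings would need to percent-encode them first.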