could there be any disadvantages to this kind of URL validation
https://stackoverflow.com/questions/9472082
-
13-11-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
In some parts of my site, I'll allow users to enter an URL. I'm working on appengine, so what I was thinking, is to validate it like this.
try
response = urlfetch.fetch(url,follow_redirects=True, deadline=1)
if not response.status_code==200:
raise SomeCustomException
except: Exception as e:
my_exception_handling_code(e)
advantages
- checks for url pattern automatically
- also makes sure that the url isn't broken and the loading time is no longer than 1s, helping to ensure a good user experience when clicking a link on my site.
possible disadvantages I can see:
- the request has to wait for the fetch to complete. This will probably not be a very big deal, as there are very few occasions where users can enter URL's (currently only on signup).
Solution
This is a bad idea. As S. Lott pointed, url might not be available now. Or it might be available only from some specific subnetwork. Or it gets more than 1 second to load it. Just don't do this. Use a traditional approach, e.g. urlparse.
OTHER TIPS
If a user of your site figured out that you poll a URL every time they post one they might be able to exploit it for other purposes, like voting in a poll, or racking up pageviews.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
