URL Regular Expression Validation

I was adding some feeds to my blogroll recently, not really thinking about what I was doing, until I went to my blog’s home page and got this:

clip_image002

Luckily I was doing periodic refreshes, just to see how the list was coming along, so it was easy to identify the culprit:

feed://http//underground.infovark.com/feed/

Look a little strange?

Here’s the offending code from “App_CodeControlsBlogroll.cs”, which throws the exception when attempting to display the feeds in my blogroll:

 Line 211:
 Line 212:      item.Request = (HttpWebRequest)WebRequest.Create(feedUrl);
 Line 213:      item.Request.Credentials = CredentialCache.DefaultNetworkCredentials;
View Plain

Specifically, line 212 tries to do a Create on the bad URL and hits the NotSupportedException.

Fortunately, this sort of behavior can easily be stopped before it becomes an issue by fixing the problem at the source. We’re going to add a couple of regular expression validators at the point at which we add the feeds, thereby preventing the error condition from arising in the first place. Of course, even with this, you’ll want to go into the Blogroll.cs control and wrap the “Create” in a try/catch. It’s just good programming sense.

If you’re using BlogEngine.NET, this step-by-step should be pretty straightforward:

1.) Open up “adminPagesBlogroll.aspx”

We’re going to modify the aspx file instead of the code-behind. You really can go either way, but this seemed the cleaner approach.

2.) Add two “RegularExpressionValidator” controls

There are two input fields we are concerned with: the Web URL text box and the RSS URL text box. First, comment out both “RequiredFieldValidator” controls. We don’t need those. Then, add two RegularExpressionValidator’s so your code looks like:

   1: <label for="<%=txtWebUrl.ClientID %>" class="wide"><%=Resources.labels.website %></label>
   2: <asp:TextBox runat="server" ID="txtWebUrl" Width="600px" />
   3: <%--<asp:RequiredFieldValidator runat="Server" ControlToValidate="txtWebUrl" ErrorMessage="required" /><br />--%>
   4: <asp:RegularExpressionValidator runat="Server" ControlToValidate="txtWebUrl" ErrorMessage="Invalid URL" ValidationExpression="[a-zA-Z0-9-.]+.[a-zA-Z]{2,3}(:[a-zA-Z0-9]*)?/?([a-zA-Z0-9-._?,'/\+&%$#=~])*" /><br />
   5:   
   6: <label for="<%=txtFeedUrl.ClientID %>" class="wide">RSS url</label>
   7: <asp:TextBox runat="server" ID="txtFeedUrl" Width="600px" />
   8: <%--<asp:RequiredFieldValidator runat="Server" ControlToValidate="txtFeedUrl" ErrorMessage="required" /><br />--%>
   9: <asp:RegularExpressionValidator runat="Server" ControlToValidate="txtFeedUrl" ErrorMessage="Invalid URL" ValidationExpression="[a-zA-Z0-9-.]+.[a-zA-Z]{2,3}(:[a-zA-Z0-9]*)?/?([a-zA-Z0-9-._?,'/\+&%$#=~])*" /><br />
View Plain

The important properties include “ControlToValidate”, which ties the validator to the text box:

   1: ControlToValidate="txtFeedUrl"
View Plain

and “ValidationExpression”, which contains our regular expression:

   1: ValidationExpression="[a-zA-Z0-9-.]+.[a-zA-Z]{2,3}(:[a-zA-Z0-9]*)?/?([a-zA-Z0-9-._?,'/\+&%$#=~])*"
The regular expression looks pretty cryptic (they all do), but it should provide proof against such malformed URL’s as the one I started this post with.

To test it out, let’s give the new validator a try. Here’s what I get when I try to add a new blogroll using the “bad” URL:

image

Looks good, and no more yellow screen of death.

Leave a Reply

Your email address will not be published. Required fields are marked *