Skip to main content

IsValidURL Function

Validation8 functions

Utility Overview

Details

Comprehensive URL validation with multiple strategies including native URL API and regex patterns

Category:Validation
Functions:isValidURL, isValidHTTPSURL, isValidURLWithProtocols, isValidURLRegex, validateURLDetailed, isValidWebURL, isValidURLOrRelative, isLocalURL
Performance:

- Time: O(n) where n is URL string length - Space: O(1) constant space

Concepts:
URL parsingregular expressionsweb standardsinput validation

Implementation

isValidURL

Time: O(n) | Space: O(1)
export function isValidURL(url: string): boolean {
  if (typeof url !== 'string') return false;
  if (url.length === 0 || url.length > 2083) return false; // IE limit
  
  try {
    const urlObj = new URL(url);
    return ['http:', 'https:', 'ftp:', 'ftps:'].includes(urlObj.protocol);
  } catch {
    return false;
  }
}

// Strict HTTPS-only URL validation

Usage Examples

Basic URL validation

// Valid URLs
isValidURL('https://example.com');              // true
isValidURL('http://subdomain.example.org');     // true
isValidURL('ftp://files.example.com');          // true
isValidURL('https://example.com/path?q=test');  // true

// Invalid URLs
isValidURL('');                                 // false
isValidURL('not-a-url');                        // false
isValidURL('javascript:alert(1)');              // false
isValidURL('file:///etc/passwd');               // false

Form URL validation with HTTPS requirement

interface WebsiteForm {
  name: string;
  website: string;
}

function validateWebsiteForm(form: WebsiteForm): string[] {
  const errors: string[] = [];
  
  if (!form.name.trim()) {
    errors.push('Name is required');
  }
  
  if (!form.website.trim()) {
    errors.push('Website URL is required');
  } else if (!isValidHTTPSURL(form.website)) {
    errors.push('Website must be a valid HTTPS URL');
  }
  
  return errors;
}

const form = { name: 'Company', website: 'http://insecure.com' };
const errors = validateWebsiteForm(form);
// ['Website must be a valid HTTPS URL']

Detailed URL validation with error reporting

const result = validateURLDetailed('invalid-url');
console.log(result);
// {
//   isValid: false,
//   errors: ['Invalid URL format: Invalid URL']
// }

const result2 = validateURLDetailed('javascript://evil.com');
console.log(result2);
// {
//   isValid: false,
//   protocol: 'javascript:',
//   hostname: 'evil.com',
//   errors: ["Protocol 'javascript:' is not allowed"]
// }

// Use for detailed feedback
function getURLFeedback(url: string): string {
  const validation = validateURLDetailed(url);
  if (validation.isValid) {
    return `Valid ${validation.protocol} URL`;
  }
  return validation.errors.join('; ');
}

Development vs production URL handling

const urls = [
  'https://production.com',
  'http://localhost:3000',
  'https://127.0.0.1:8080',
  'http://192.168.1.100',
  'https://staging.local'
];

// Separate development from production URLs
const productionUrls = urls.filter(url => 
  isValidURL(url) && !isLocalURL(url)
);
const developmentUrls = urls.filter(url => 
  isValidURL(url) && isLocalURL(url)
);

console.log('Production:', productionUrls);
// ['https://production.com']

console.log('Development:', developmentUrls);
// ['http://localhost:3000', 'https://127.0.0.1:8080', 'http://192.168.1.100', 'https://staging.local']

// Conditional validation based on environment
function validateURLForEnvironment(url: string, isDevelopment: boolean): boolean {
  if (!isValidURL(url)) return false;
  
  if (isDevelopment) {
    return true; // Allow any valid URL in development
  }
  
  return isValidHTTPSURL(url) && !isLocalURL(url);
}