We help IT Professionals succeed at work.

Check out this week's podcast, "Dairy Farms to Databases: Community's Hand in Technology"Listen Now

x

questions about a RegEx used to analyze URL's

226 Views
Last Modified: 2018-02-27
Question about a RegEx:

 @"[&|?](" + "myDomain.com" + ")=(.*?[^&]+)?";

what do these require or prevent before the domain?

[&|?]

and what does this require or prevent after the domain?

(.*?[^&]+)?

Thanks.
Comment
Watch Question

Dr. KlahnPrincipal Software Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
curiouswebsterSoftware Engineer

Author

Commented:
Ah, I was tied up thinking it was

& OR ?

The person who wrote this was focused on the query string parameters.

I have seen & AND ? with query string params, but do not recall seeing the | sign being used with query string params.
curiouswebsterSoftware Engineer

Author

Commented:
then, comes a capture set:

(.*?[^&]+)?"

It looks like any number of characters, NOT containing a &

am I seeing that right?

And what does the trailing ? mean?

and the ? after .* means "lazy" but I am not sure what that means.
Lead SaaS Infrastructure Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Ben Personick (Previously QCubed)Lead SaaS Infrastructure Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
curiouswebsterSoftware Engineer

Author

Commented:
Awesome tool! I am still trying to get my arms around it, but this is THE BEST RegEx site I have seen!

What's the best Flavor for me to use, given my target platform is C#?
Ben Personick (Previously QCubed)Lead SaaS Infrastructure Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
curiouswebsterSoftware Engineer

Author

Commented:
Well, funny you should ask.

I had this super RegEx working to enforce the domain was on a white list:

            string testRegEx = @"^https?:\/\/(" + whitelistedRedirects + ")[^.].*\\/?((goto|returnurl)=https?:\/\/(" + whitelistedRedirects + ")[:|\\/].*)?";

but it enforced that sub-domains must also be white-listed. The whitelist was to look thusly:

whitelistedRedirects = "mydomain.org|sso.mydomain.org";

But I wanted to have a version that mandated only that "mydomain.org" was in the whitelist, when it was part of the ReturnURL. (is this risky? Or does it add no value to force ALL domains to be in the whitelist?)

Another developer on the team came up with that other one I posted up top, but I did not understand it like the above one, since mine was created via multiple posts on EE, and I actually understand it (for the most part)

I feel better being more expressive, to make the RegEx more reaqdable. For example, if goto or returnurl is always in a return url, then it helps me to see it there. Brevity is confusing when reading both hieroglyphics AND RegEx.

Plus, I have never gotten the other guy's to return True, which normally means I am dead in the water. Mine return true, when expected, so I can take baby steps to bring it to the next level of functionality.

I am fine updating my latest RegEx, but it needs to no longer have the requirement that sub-domains be listed on the whitelist.

It seem the following "https?://" needs to be replaced with a wildcard of any number of characters which could make up a sub-domain.


Also, I added "[^.].*"

to prevent a hacker from making my domain into a sub-domain on HIS domain, thusly

mydomain.org.EVILSITE.COM

and having my RegEx thing it was a success,
Ben Personick (Previously QCubed)Lead SaaS Infrastructure Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
curiouswebsterSoftware Engineer

Author

Commented:
That still returns false...But we are getting snow and I gotta head out until Tuesday AM. I can leave this issue open....

until then.

Cheers.
Ben Personick (Previously QCubed)Lead SaaS Infrastructure Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
curiouswebsterSoftware Engineer

Author

Commented:
thanks
Ben Personick (Previously QCubed)Lead SaaS Infrastructure Engineer
CERTIFIED EXPERT

Commented:
Glad to help :)
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.