regex & clickable url

[stm999999999]

hello,

I tinker a regex for clickable urls (based on the existing one and a thread here long time ago) with the following functions:

* works with umlaut-Domains www.müller.example
* displays as link-text all without leading protocol (http:// ...):

Code: Select all

http://bla.example becomes <a href="http://bla.example">bla.example</a>

* works with http://example.com and www.example.com as well

Code: Select all

<?php # $Id: ClickableURL.php,v 1.1 2005/11/28 14:14:43 garvinhicking Exp $
// ClickableURL preg replace markup
// turns urls into clickable links
//
$regexpArray = array(
	'SearchArray'=>array(
      "/([^]_a-z0-9-=\"'\/])(www\.[^ \r\n\(\)\^\$!`\"'\|\[\]\{\}<>]*)/si",
      "/^(www\.[^ \r\n\(\)\^\$!`\"'\|\[\]\{\}<>]*)/si",
      "/([^]_a-z0-9-=\"'\/])((https?|ftps?|gopher|news|telnet):\/\/)([^ \r\n\(\)\^\$!`\"'\|\[\]\{\}<>]*)/si",
      "/^((https?|ftps?|gopher|news|telnet):\/\/)([^ \r\n\(\)\^\$!`\"'\|\[\]\{\}<>]*)/si"
    ),
    'ReplaceArray'=>array(
		'\\1<a href="http://\\2">\\2</a>',
		'<a href="http://\\1">\\1</a>',
		'\\1<a href="\\2\\4">\\4</a>',
 		'<a href="\\1\\3">\\3</a>'

    )
);

?>

my question: is it safe? (for Cross-Site Scripting)?

[garvinhicking]

Hi!

One suggestion to make your regex more readable: Do not use "/" as the regexp starting/ending character but something like "^". Then you don't need to escape the "/"s everywhere, which makes your code much more readable.

Regards,
Garvin