NAME Data::Validate::URI - common url validation methods SYNOPSIS use Data::Validate::URI qw(is_uri); if(is_uri($suspect)){ print "Looks like an URI\n"; } else { print "Not a URI\n"; } # or as an object my $v = Data::Validate::URI->new(); die "not a URI" unless ($v->is_uri('foo')); DESCRIPTION This module collects common URI validation routines to make input validation, and untainting easier and more readable. All functions return an untainted value if the test passes, and undef if it fails. This means that you should always check for a defined status explicitly. Don't assume the return will be true. The value to test is always the first (and often only) argument. There are a number of other URI validation modules out there as well (see below.) This one focuses on being fast, lightweight, and relatively 'real-world'. i.e. it's good if you want to check user input, and don't need to parse out the URI/URL into chunks. Right now the module focuses on HTTP URIs, since they're arguably the most common. If you have a specialized scheme you'd like to have supported, let me know. FUNCTIONS new - constructor for OO usage new(); *Description* Returns a Data::Validator::URI object. This lets you access all the validator function calls as methods without importing them into your namespace or using the clumsy Data::Validate::URI::function_name() format. *Arguments* None *Returns* Returns a Data::Validate::URI object is_uri - is the value a well-formed uri? is_uri($value); *Description* Returns the untainted URI if the test value appears to be well-formed. Note that you may really want one of the more practical methods like is_http_uri or is_https_uri, since the URI standard (RFC 3986) allows a lot of things you probably don't want. *Arguments* $value The potential URI to test. *Returns* Returns the untainted URI on success, undef on failure. *Notes, Exceptions, & Bugs* This function does not make any attempt to check whether the URI is accessible or 'makes sense' in any meaningful way. It just checks that it is formatted correctly. is_http_uri - is the value a well-formed HTTP uri? is_http_uri($value); *Description* Specialized version of is_uri() that only likes http:// urls. As a result, it can also do a much more thorough job validating. Also, unlike is_uri() it is more concerned with only allowing real-world URIs through. Things like relative hostnames are allowed by the standards, but probably aren't wise. Conversely, null paths aren't allowed per RFC 2616 (should be '/' instead), but are allowed by this function. This function only works for fully-qualified URIs. /bob.html won't work. See RFC 3986 for the appropriate method to turn a relative URI into an absolute one given its context. Returns the untainted URI if the test value appears to be well-formed. Note that you probably want to either call this in combo with is_https_uri(). i.e. print "Good" if(is_http_uri($uri) || is_https_uri($uri)); or use the convenience method is_web_uri which is equivalent. *Arguments* $value The potential URI to test. *Returns* Returns the untainted URI on success, undef on failure. *Notes, Exceptions, & Bugs* This function does not make any attempt to check whether the URI is accessible or 'makes sense' in any meaningful way. It just checks that it is formatted correctly. is_https_uri - is the value a well-formed HTTPS uri? is_https_uri($value); *Description* See is_http_uri() for details. This version only likes the https URI scheme. Otherwise it's identical to is_http_uri() *Arguments* $value The potential URI to test. *Returns* Returns the untainted URI on success, undef on failure. *Notes, Exceptions, & Bugs* This function does not make any attempt to check whether the URI is accessible or 'makes sense' in any meaningful way. It just checks that it is formatted correctly. is_web_uri - is the value a well-formed HTTP or HTTPS uri? is_web_uri($value); *Description* This is just a convinience method that combines is_http_uri and is_https_uri to accept most common real-world URLs. *Arguments* $value The potential URI to test. *Returns* Returns the untainted URI on success, undef on failure. *Notes, Exceptions, & Bugs* This function does not make any attempt to check whether the URI is accessible or 'makes sense' in any meaningful way. It just checks that it is formatted correctly. is_tel_uri - is the value a well-formed telephone uri? is_tel_uri($value); *Description* Specialized version of is_uri() that only likes tel: urls. As a result, it can also do a much more thorough job validating according to RFC 3966. Returns the untainted URI if the test value appears to be well-formed. *Arguments* $value The potential URI to test. *Returns* Returns the untainted URI on success, undef on failure. *Notes, Exceptions, & Bugs* This function does not make any attempt to check whether the URI is accessible or 'makes sense' in any meaningful way. It just checks that it is formatted correctly. SEE ALSO URI, RFC 3986, RFC 3966, RFC 4694, RFC 4759, RFC 4904 AUTHOR Richard Sonnen <sonnen@richardsonnen.com>. is_tel_uri by David Dick <ddick@cpan.org>. COPYRIGHT Copyright (c) 2005 Richard Sonnen. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.