views:

11

answers:

0

I'm adding a feature to a web app where users can click a button to enter a link, and then paste in an address. I then want to be parse out the string entered, and extract the domain from the URL so that I can display the domain separately next to the link. The idea here is something similar to what Slashdot does, where links are displayed with their domain next to them so that users have some degree of warning before clicking on a malicious link like goatse.

Example link display:

<a href="http://www.google.com"&gt;Link&lt;/a&gt; [google.com]

What's the best way for me to parse what the user enters? I'd like to avoid limiting the users from pasting in any type of a legitimate protocol. For example, I'd like them to be able to enter in "aim:goim?screenname=SCREENNAME", which is an aim protocol link that opens a chat window. For oddball protocols like aim where the domain doesn't exist, I'd like to display the protocol instead of the domain.

Also, are there any security gotchas I should be aware of?