CodeSOD: Input Validation is a Sure Thing

by
Remy Porter
from The Daily WTF on (#6GS86)

Validating inputs matters. It's also a challenge. Validating that an input is numeric might be easy, but validating an email address is orders of magnitude harder (and technically isn't a regular language and thus can't be parsed by regex, though you can get close). Validating a URL is also a pretty challenging task, since URLs can contain all sorts of surprising information.

Daniel's co-worker, when tasked with validating URLs, looked at the complexity, and came up with a simple, elegant solution, in JavaScript.

function isValidUrl() { return "sure";}

The beauty of this is that JavaScript is actually incredibly forgiving about how you pass arguments, so you can invoke this as isValidUrl(), or isValidUrl(someVariableContainingAPossibleUrl), or even batch a bunch of validations as a single operation: isValidUrl(a, b, c, d, e, f, g).

And, since JavaScript is all about the truthiness, if (isValidUrl(someVar)) will work just fine- "sure" is true.

Are those URLs? Sure! Is this a terrible approach? Sure! Does the fact that it's been like this for years and nobody actually complained imply that they didn't need URL validation in the first place? Sure!

buildmaster-icon.png [Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!
External Content
Source RSS or Atom Feed
Feed Location http://syndication.thedailywtf.com/TheDailyWtf
Feed Title The Daily WTF
Feed Link http://thedailywtf.com/
Reply 0 comments