I am writing a web application (ASP.Net MVC, C#) that requires the user to provide RSS URLs or an Atom feed, which I then read with the following code:
    var xmlRdr = XmlReader.Create(urlProvidedByUserAsString);
    var syndicFeed = SyndicationFeed.Load(xmlRdr);
When debugging my application, I accidentally passed /something/like/this as a URL, and I got an exception saying that C:\something\like\this could not be opened.
It looks like the user can provide a local path and my application will try to read it.
How can I make this code safe? It is probably not enough to check for https:// or http:// at the beginning of the URL, as the user can still enter something like http://localhost/blah. Is there any other way, possibly with the Uri class, to check whether the URL is pointing to a website?
Edit: I think I also need to prevent the user from entering addresses that would point to other computers on my network, like this example: http://192.168.0.6/ or http://AnotherMachineName/
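One way to apply the checks the question asks about, as an added example that is not part of the original post: parse the input with Uri, allow only http/https, resolve the host and reject loopback, private and link-local addresses, then fetch with redirects disabled. The class and method names (SafeFeedLoader, IsPublicHttpUrl, IsPublic, Load) are hypothetical, and .NET Framework 4.5 or later is assumed.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.ServiceModel.Syndication;
using System.Xml;
// Hypothetical helper, added for illustration; not code from the original post.
public static class SafeFeedLoader
{
    public static bool IsPublicHttpUrl(string input, out Uri uri)
    {
        // "/something/like/this" either fails to parse or becomes file://, which the scheme check rejects.
        if (!Uri.TryCreate(input, UriKind.Absolute, out uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return false;
        IPAddress[] addrs;
        try { addrs = Dns.GetHostAddresses(uri.DnsSafeHost); }   // IP literals come back unchanged
        catch (SocketException) { return false; }                // name does not resolve
        catch (ArgumentException) { return false; }              // invalid host or address
        return addrs.Length > 0 && addrs.All(IsPublic);          // every resolved address must be public
    }
    public static bool IsPublic(IPAddress ip)
    {
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();          // ::ffff:192.168.0.6 -> 192.168.0.6
        if (IPAddress.IsLoopback(ip)) return false;              // 127.0.0.0/8 and ::1 (localhost)
        byte[] b = ip.GetAddressBytes();
        if (ip.AddressFamily == AddressFamily.InterNetworkV6)
            return !(ip.IsIPv6LinkLocal || ip.IsIPv6SiteLocal
                  || (b[0] & 0xFE) == 0xFC || ip.Equals(IPAddress.IPv6Any)); // fc00::/7 and ::
        return !(b[0] == 0 || b[0] == 10                         // 0.0.0.0/8, 10.0.0.0/8
              || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)       // 172.16.0.0/12
              || (b[0] == 192 && b[1] == 168)                    // 192.168.0.0/16
              || (b[0] == 169 && b[1] == 254)                    // 169.254.0.0/16 link-local
              || (b[0] == 100 && b[1] >= 64 && b[1] <= 127)      // 100.64.0.0/10 shared address space
              || b[0] >= 224);                                   // multicast and reserved
    }
    public static SyndicationFeed Load(string input)
    {
        Uri uri;
        if (!IsPublicHttpUrl(input, out uri)) throw new ArgumentException("Feed URL must be a public http(s) address.");
        var req = (HttpWebRequest)WebRequest.Create(uri);
        req.AllowAutoRedirect = false;   // a redirect could point back at an internal host
        using (var resp = (HttpWebResponse)req.GetResponse())
        {
            if (resp.StatusCode != HttpStatusCode.OK) throw new WebException("Unexpected status " + (int)resp.StatusCode);
            // XmlResolver = null keeps the parser from fetching external entities or DTDs.
            using (var reader = XmlReader.Create(resp.GetResponseStream(), new XmlReaderSettings { XmlResolver = null }))
                return SyndicationFeed.Load(reader);
        }
    }
}
```

The request resolves the host name a second time, so a name whose DNS answer changes between the check and the fetch is not covered by this validation alone; connecting to the already validated address, or routing feed fetches through an egress proxy that blocks internal ranges, closes that gap.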