Basically I’m trying to open a URL in my .NET application. This can be achieved easily by doing:
Process.Start("http://www.google.com")
However in my case the URL can be controlled by external users, therefore I don’t want them to execute commands in the system by injecting meta characters etc.
So a safe way would be:
- Read registry and see what’s the default browser
- Creating New Process() with the default browser’s executable
- Supply the URL as argument
- Start the process
Before implementing this, I just want to be sure I’m not making this overcomplicated. What do you think?
I’m not keen on implementing filtering on the input, it’s just a dirty solution
Why not instead make sure it’s a valid HTTP URL by parsing it?
Note that this example does not use the userSupplied string to create the process. It lets the Uri class format the string passed to the Start call.
You can extend the Scheme check to include all schemes that you feel are valid (FTP for instance).
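A sketch of the parse-then-launch approach described in this answer, written as an added example and not the answer's original code. The class name `SafeUrlLauncher`, its method names, the allowlist and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;

static class SafeUrlLauncher
{
    // Assumption: only web links are acceptable. Add Uri.UriSchemeFtp etc. if needed.
    static readonly string[] AllowedSchemes = { Uri.UriSchemeHttp, Uri.UriSchemeHttps };

    // Returns the URL as re-serialised by the Uri class, or null if the input
    // is not an absolute URI with an allowed scheme.
    public static string Normalize(string userSupplied)
    {
        // Relative paths and bare file names ("notepad.exe") fail the Absolute check.
        if (!Uri.TryCreate(userSupplied, UriKind.Absolute, out Uri uri))
            return null;

        // Uri lower-cases the scheme, so "HTTP://..." still matches "http".
        // file:, javascript:, custom protocol handlers and so on are rejected here.
        if (Array.IndexOf(AllowedSchemes, uri.Scheme) < 0)
            return null;

        // AbsoluteUri is built by the Uri class, with unsafe characters escaped.
        return uri.AbsoluteUri;
    }

    // Opens the URL in the default browser only if it passed validation.
    public static bool Open(string userSupplied)
    {
        string url = Normalize(userSupplied);
        if (url == null)
            return false;

        // UseShellExecute defaults to false on .NET Core / .NET 5+, so set it
        // explicitly to have the shell resolve the default browser.
        Process.Start(new ProcessStartInfo(url) { UseShellExecute = true });
        return true;
    }

    static void Main()
    {
        // Constructed sample inputs: one valid link and three that must be rejected.
        string[] samples =
        {
            "http://www.google.com",
            "notepad.exe",
            "file:///C:/some/local/program.exe",
            "ftp://example.com/readme.txt",
        };
        foreach (string s in samples)
            Console.WriteLine($"{s} -> {Normalize(s) ?? "rejected"}");
    }
}
```

`Main` only prints the validation result for each sample; call `Open` to actually launch the browser.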