A better way to validate URL in C# than try-catch?

Solution 1:

Use Uri.TryCreate to create a new Uri object only if your url string is a valid URL. If the string is not a valid URL, TryCreate returns false.

string myString = "http://someUrl";
Uri myUri;
if (Uri.TryCreate(myString, UriKind.RelativeOrAbsolute, out myUri))
{
    //use the uri here
}

UPDATE

TryCreate or the Uri constructor will happily accept strings that may appear invalid, eg "Host: www.stackoverflow.com","Host:%20www.stackoverflow.com" or "chrome:about". In fact, these are perfectly valid URIs that specify a custom scheme instead of "http".

The documentation of the Uri.Scheme property provides more examples like "gopher:" (anyone remember this?), "news", "mailto", "uuid".

An application can register itself as a custom protocol handler as described in MSDN or other SO questions, eg How do I register a custom URL protocol in Windows?

TryCreate doesn't provide a way to restrict itself to specific schemes. The code needs to check the Uri.Scheme property to ensure it contains an acceptable value

UPDATE 2

Passing a weird string like "></script><script>alert(9)</script> will return true and construct a relative Uri object. Calling Uri.IsWellFormedOriginalString will return false though. So you probably need to call IsWellFormedOriginalString if you want to ensure that relative Uris are well formed.

On the other hand, calling TryCreate with UriKind.Absolute will return false in this case.

Interestingly, Uri.IsWellFormedUriString calls TryCreate internally and then returns the value of IsWellFormedOriginalString if a relative Uri was created.

Solution 2:

A shortcut would be to use Uri.IsWellFormedUriString:

if (Uri.IsWellFormedUriString(myURL, UriKind.RelativeOrAbsolute))
...