You want to check whether a given piece of text is a valid URL according to RFC 3986.

A
(# Scheme
 [a-z][a-z0-9+-.]*:
 (# Authority & path
  //
  ([a-z0-9-._~%!$&'()*+,;=]+@)?              # User
  ([a-z0-9-._~%]+                            # Named host
  |[[a-f0-9:.]+]                            # IPv6 host
  |[v[a-f0-9][a-z0-9-._~%!$&'()*+,;=:]+])  # IPvFuture host
  (:[0-9]+)?                                  # Port
  (/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?          # Path
 |# Path without authority
  (/?[a-z0-9-._~%!$&'()*+,;=:@]+(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?)?
 )
|# Relative URL (no scheme or authority)
 (# Relative path
  [a-z0-9-._~%!$&'()*+,;=@]+(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?
 |# Absolute path
  (/[a-z0-9-._~%!$&'()*+,;=:@]+)+/?
 )
)
# Query
(?[a-z0-9-._~%!$&'()*+,;=:@/?]*)?
# Fragment
(#[a-z0-9-._~%!$&'()*+,;=:@/?]*)?


A
(# Scheme
 (?<scheme>[a-z][a-z0-9+-.]*):
 (# Authority & path
  //
  (?<user>[a-z0-9-._~%!$&'()*+,;=]+@)?              # User
  (?<host>[a-z0-9-._~%]+                            # Named host
  |       [[a-f0-9:.]+]                            # IPv6 host
  |       [v[a-f0-9][a-z0-9-._~%!$&'()*+,;=:]+])  # IPvFuture host
  (?<port>:[0-9]+)?                                  # Port
  (?<path>(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?)        # Path
 |# Path without authority
  (?<path>/?[a-z0-9-._~%!$&'()*+,;=:@]+
          (/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?)?
 )
|# Relative URL (no scheme or authority)
 (?<path>
  # Relative path
  [a-z0-9-._~%!$&'()*+,;=@]+(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?
 |# Absolute path
  (/[a-z0-9-._~%!$&'()*+,;=:@]+)+/?
 )
)
# Query
(?<query>?[a-z0-9-._~%!$&'()*+,;=:@/?]*)?
# Fragment
(?<fragment>#[a-z0-9-._~%!$&'()*+,;=:@/?]*)?


A
(# Scheme
 (?<scheme>[a-z][a-z0-9+-.]*):
 (# Authority & path
  //
  (?<user>[a-z0-9-._~%!$&'()*+,;=]+@)?              # User
  (?<host>[a-z0-9-._~%]+                            # Named host
  |       [[a-f0-9:.]+]                            # IPv6 host
  |       [v[a-f0-9][a-z0-9-._~%!$&'()*+,;=:]+])  # IPvFuture host
  (?<port>:[0-9]+)?                                  # Port
  (?<hostpath>(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?)    # Path
 |# Path without authority
  (?<schemepath>/?[a-z0-9-._~%!$&'()*+,;=:@]+
                (/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?)?
 )
|# Relative URL (no scheme or authority)
 (?<relpath>
  # Relative path
  [a-z0-9-._~%!$&'()*+,;=@]+(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?
 |# Absolute path
  (/[a-z0-9-._~%!$&'()*+,;=:@]+)+/?
 )
)
# Query
(?<query>?[a-z0-9-._~%!$&'()*+,;=:@/?]*)?
# Fragment
(?<fragment>#[a-z0-9-._~%!$&'()*+,;=:@/?]*)?


A
(# Scheme
 (?P<scheme>[a-z][a-z0-9+-.]*):
 (# Authority & path
  //
  (?P<user>[a-z0-9-._~%!$&'()*+,;=]+@)?              # User
  (?P<host>[a-z0-9-._~%]+                            # Named host
  |       [[a-f0-9:.]+]                             # IPv6 host
  |       [v[a-f0-9][a-z0-9-._~%!$&'()*+,;=:]+])   # IPvFuture host
  (?P<port>:[0-9]+)?                                  # Port
  (?P<hostpath>(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?)    # Path
 |# Path without authority
  (?P<schemepath>/?[a-z0-9-._~%!$&'()*+,;=:@]+
                 (/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?)?
 )
|# Relative URL (no scheme or authority)
 (?P<relpath>
  # Relative path
  [a-z0-9-._~%!$&'()*+,;=@]+(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?
 |# Absolute path
  (/[a-z0-9-._~%!$&'()*+,;=:@]+)+/?
 )
)
# Query
(?P<query>?[a-z0-9-._~%!$&'()*+,;=:@/?]*)?
# Fragment
(?P<fragment>#[a-z0-9-._~%!$&'()*+,;=:@/?]*)?


^([a-z][a-z0-9+-.]*:(//([a-z0-9-._~%!$&'()*+,;=]+@)?([a-z0-9-._~%]+|↵
[[a-f0-9:.]+]|[v[a-f0-9][a-z0-9-._~%!$&'()*+,;=:]+])(:[0-9]+)?↵
(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?|(/?[a-z0-9-._~%!$&'()*+,;=:@]+↵
(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?)?)|([a-z0-9-._~%!$&'()*+,;=@]+↵
(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?|(/[a-z0-9-._~%!$&'()*+,;=:@]+)↵
+/?))
(?[a-z0-9-._~%!$&'()*+,;=:@/?]*)?(#[a-z0-9-._~%!$&'()*+,;=:@/?]*)?$

Most of the preceding recipes in this chapter deal with URLs, and the regular expressions in those recipes deal with specific kinds of URLs. Some of the regexes are adapted to specific purposes, such as determining whether punctuation is part of the URL or the text that quotes the URL.

The regular expressions in this recipe deal with generic URLs. They’re not intended for searching for URLs in larger text, but for validating strings that are supposed to hold URLs, and for splitting URLs into their various parts. They accomplish these tasks for any kind of URL, but in practice, you’ll likely want to make the regexes more specific. The recipes after this one show examples of more specific regexes.

RFC 3986 describes what a valid URL should look like. It covers every possible URL, including relative URLs and URLs for schemes that haven’t even been invented yet. As a result, RFC 3986 is very broad, and a regular expression that implements it is quite long. The regular expressions in this recipe only implement the basics. They’re enough to reliably split the URL into its various parts, but not to validate each of those parts. Validating all the parts would require specific knowledge of each URL scheme anyway.

RFC 3986 does not cover all URLs that you may encounter in the wild. For example, many browsers and web servers accept URLs with literal spaces in them, but RFC 3986 requires spaces to be escaped as %20.

An absolute URL must begin with a scheme, such as http: or ftp:. The first character of the scheme must be a letter. The following characters may be letters, digits, and a few specific punctuation characters. We can easily match that with two character classes: ‹[a-z][a-z0-9+-.]*›.

Many URL schemes require what RFC 3986 calls an “authority.” The authority is the domain name or IP address of the server, optionally preceded by a username, and optionally followed by a port number.

The username can consist of letters, digits, and a bunch of punctuation. It must be delimited from the domain name or IP address with an @ sign. ‹[a-z0-9-._~%!$&'()*+,;=]+@› matches the username and delimiter.

RFC 3986 is quite liberal in what it allows for the domain name. Recipe 8.15 explains what is commonly allowed for domains: letters, digits, hyphens, and dots. RFC 3986 also allows tildes, and any other character via the percentage notation. The domain name must be converted to UTF-8, and any byte that is not a letter, digit, hyphen, or tilde must be encoded as %FF, where FF is the hexadecimal representation of the byte.

To keep our regular expression simple, we don’t check if each percentage sign is followed by exactly two hexadecimal digits. It is better to do such validation after the various parts of the URL have been separated. So we match the hostname with just ‹[a-z0-9-._~%]+›, which also matches IPv4 addresses (allowed under RFC 3986).

Instead of a domain name or IPv4 address, the host also can be specified as an IPv6 address between square brackets, or even a future version of IP addresses. We match the IPv6 addresses with ‹[[a-f0-9:.]+]› and the future addresses with ‹[v[a-f0-9][a-z0-9-._~%!$&'()*+,;=:]+]›. Although we can’t validate IP addresses using a version of IP that hasn’t been defined yet, we could be more strict about the IPv6 addresses. But this is again better left for a second regex, after extracting the address from the URL. Recipe 8.17 shows that validating IPv6 addresses is far from trivial.

The port number, if specified, is simply a decimal number separated from the hostname with a colon. ‹:[0-9]+› is all we need.

If an authority is specified, it must be followed by either an absolute path or no path at all. An absolute path starts with a forward slash, followed by one or more segments delimited by forward slashes. A segment consists of one or more letters, digits, or punctuation characters. There can be no consecutive forward slashes. The path may end with a forward slash. ‹(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?› matches such paths.

If the URL does not specify an authority, the path can be absolute, relative, or omitted. Absolute paths start with a forward slash, whereas relative paths don’t. Because the leading forward slash is now optional, we need a slightly longer regex to match both absolute and relative paths: ‹/?[a-z0-9-._~%!$&'()*+,;=:@]+(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?›.

Relative URLs do not specify a scheme, and therefore no authority. The path becomes mandatory, and it can be absolute or relative. Since the URL does not specify a scheme, the first segment of a relative path cannot contain any colons. Otherwise, that colon would be seen as the delimiter of the scheme. So we need two regular expressions to match the path of a relative URL. We match relative paths with ‹[a-z0-9-._~%!$&'()*+,;=@]+(/[a-z0-9-._~%!$&'()*+,;=:@]+)*/?›. This is very similar to the regex for paths with a scheme but no authority. The only differences are the optional forward slash at the start, which is missing, and the first character class, which does not include the colon. We match absolute paths with ‹(/[a-z0-9-._~%!$&'()*+,;=:@]+)+/?›. This is the same regex as the one for paths in URLs that specify a scheme and an authority, except that the asterisk that repeats the segments of the path has become a plus. Relative URLs require at least one path segment.

The query part of the URL is optional. If present, it must start with a question mark. The query runs until the first hash sign in the URL or until the end of the URL. Since the hash sign is not among valid punctuation characters for the query part of the URL, we can easily match this with ‹?[a-z0-9-._~%!$&'()*+,;=:@/?]*›. Both of the question marks in this regex are literal characters. The first one is outside a character class, and must be escaped. The second one is inside a character class, where it is always a literal character.

The final part of a URL is the fragment, which is also optional. It begins with a hash sign and runs until the end of the URL. ‹#[a-z0-9-._~%!$&'()*+,;=:@/?]*› matches this.

To make it easier to work with the various parts of the URL, we use named capturing groups. Recipe 2.11 explains how named capture works in the different regex flavors discussed in this book. Perl 5.10, Ruby 1.9, and .NET allow multiple named capturing groups to share the same name. This is very handy in this situation, because our regex has multiple ways of matching the URL’s path, depending on whether the scheme and/or the authority are specified. If we give these three groups the same name, we can simply query the “path” group to get the path, regardless of whether the URL has a scheme and/or an authority.

The other flavors don’t support this behavior for named capture, even though most support the same syntax for named capture. For the other flavors, the three capturing groups for the path all have different names. Only one of them will actually hold the URL’s path when a match is found. The other two won’t have participated in the match.

Recipe 3.9 shows code to get the text matched by a particular part (capturing group) of a regex. Use this to get the parts of the URL you want.

Techniques used in the regular expressions in this recipe are discussed in Chapter 2. Recipe 2.3 explains character classes. Recipe 2.5 explains anchors. Recipe 2.8 explains alternation. Recipe 2.9 explains grouping. Recipe 2.11 explains named capturing groups. Recipe 2.12 explains repetition. Recipe 2.18 explains how to add comments.

Recipe 8.1 provides a simpler solution that follows more liberal rules for valid URLs used by the major web browsers, rather than strictly adhering to RFC 3986.