Quick Tip: Detect and Encode Curly Brackets in URL Validation

Validating user input is always a great idea from a usability and security point of view. However, when it comes to things like URLs, the data is complex and there is a very strict pattern that the data has to adhere to. From a data perspective, this is great news, since we can validate for what we want, not try to detect what we don't.

However, a lot of modern URLs don't always do a great job following RFC 1738. Specifically, I'm looking at you .Net guys who insist on putting UUIDs wrapped in curly brackets in query strings and the like. According to RFC 1738, curly brackets are "unsafe" within URLs and should be encoded to their URL-encoded entities.