Use regex for .url()

[peterver]

Fixes issue where url can be anything due to new URL not correctly handling certain cases.

I took this url regex from a personal lib that I have up here which was originally adopted from In search of the perfect URL validation regex

Should fix:

• bug: z.string().url() is incosistent across browser #2256
• z.string().url() seems to accept any string #2236

[monodyle]

To clarify, I’m looking for a decent regular expression to validate URLs that were entered as user input with. I have no interest in parsing a list of URLs from a given string of text (even though some of the regexes on this page are capable of doing that). I also don’t want to allow every possible technically valid URL — quite the opposite. See the URL Standard if you’re looking to parse URLs in the same way that browsers do.

Assume that this regex will be used for a public URL shortener written in PHP, so URLs like http://localhost/, //foo.bar/, ://foo.bar/, data:text/plain;charset=utf-8,OHAI and tel:+1234567890 shouldn’t pass (even though they’re technically valid). Also, in this case I only want to allow the HTTP, HTTPS and FTP protocols.

This is a good point! However, I believe the valid URL should follow the standard to ensure the library is suitable for general use cases. If we need something more explicit or specific, it should be defined within the application itself.

In my case, the app's custom schema (deeplink steam://run) appears to be a valid URL for me.

The issue is that the URL class is specific to the WebAPI, so the output might vary between different JavaScript runtimes. Therefore, we should to change the URL validation method while ensuring it still complies with the standard.