Validating a URL is a common requirement. The definition of a URL is incredibly broad, but most web applications care about standard HTTP/HTTPS links.

A Robust Pattern

This pattern is widely used for detecting URLs in text:

https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)

What makes this work?

• https?: Matches http or https.
• [-a-zA-Z0-9@:%._\+~#=]{1,256}: Permissive domain name character set.
• \.[a-zA-Z0-9()]{1,6}: Catches TLDs like .com, .museum, or .io.
• \b: Ensures we don't start matching in the middle of a word.