The most recognizable symbol of the Web is a plain-text string known as the Uniform Resource Locator (URL). The URL is intended to conclusively address and uniquely identify a single resource on a server. URL syntax is also the basis of the address bar, the most significant user interface (UI) security indicator in every browser.
In addition to the actual URLs used for content rendering, several classes of pseudo-URLs use a similar syntax to give convenient access to browser-level features, including the integrated scripting engine, several special document rendering modes, and so on. Sometimes, the actions these pseudo-URLs trigger can have a significant impact on the security of any site that decides to link to them.
Figuring out how a particular URL will be interpreted by the web browser, and the side effects it will have, is one of the most basic and common security tasks attempted by humans and web applications alike.
The following shows the format of a fully qualified absolute URL, one that specifies all the information needed to access a particular resource and that does not depend in any way on where the navigation started. In contrast, a relative URL, such as ../file.php?text=hi+John, omits some of this information and must be interpreted in the context of a base URL associated with the current browsing context.
“scheme: // credentials@ address :port /path/to/resource ?query_string #fragment
1- Scheme/protocol name
2- Indicator of a hierarchical URL (constant)
3- Credentials to access the resource (optional)
4- Server to retrieve the data from
5- Port number to connect to (optional)
6- Hierarchical Unix path to a resource
7- “Query string” parameters (optional)
8- “Fragment identifier” (optional)”
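The eight parts listed above, and the resolution of the relative URL ../file.php?text=hi+John against a base URL, can be seen with the WHATWG URL parser built into browsers and Node.js. This is an added example, not part of the original text; the helper name describeUrl and the example.com URLs are constructed for illustration.

```javascript
// Added example. Sample URLs are constructed; describeUrl is a hypothetical helper.
// Uses the WHATWG URL parser built into browsers and Node.js.

function describeUrl(input, base) {
  // `base` is required only when `input` is a relative URL;
  // a relative URL without a base makes the constructor throw a TypeError.
  const u = new URL(input, base);
  return {
    scheme: u.protocol.slice(0, -1),                      // 1
    hierarchical: u.href.startsWith(u.protocol + '//'),   // 2
    credentials: u.username                               // 3 (optional)
      ? { user: u.username, password: u.password }
      : null,
    server: u.hostname,                                   // 4
    port: u.port || null,                                 // 5 (null = scheme default)
    path: u.pathname,                                     // 6
    query: u.search ? u.search.slice(1) : null,           // 7 (optional)
    fragment: u.hash ? u.hash.slice(1) : null,            // 8 (optional)
    absolute: u.href,                                     // fully qualified form
  };
}

// A fully qualified absolute URL carrying every optional part.
const full = describeUrl(
  'https://user:secret@www.example.com:8443/docs/a/index.html?text=hi+John#top');

// The relative URL from the text, resolved against a base URL.
// The base's own query string and fragment are not inherited.
const relative = describeUrl(
  '../file.php?text=hi+John',
  'https://www.example.com/app/pages/view.php?id=7#top');

console.log(full);
console.log(relative.absolute);
```

Code that decides where a link leads should compare the parsed `server` field rather than search the raw string, because the optional credentials part sits in front of the address.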