Format
Accepts any string that does not throw inside `new URL(value)`. A scheme is required — bare hostnames like `example.com` fail.
Examples
- https://example.com/path?q=1
- http://localhost:3000
- mailto:alice@example.com (passes — any scheme)
Implementation
Faithful summary of lib/validators.ts. Validators are pure functions and run identically in the worker, the Workbench, and the MCP server.
function validUrl(value) {
try { new URL(value); return OK }
catch { return fail('url_invalid', 'not a valid URL') }
}Use in a template
Validators attach to a field on a custom template. The cascade runs them after mapping but before commit; failures surface in the per-row validation report.
fields:
- column: website
type: string
validators:
- type: urlCommon gotchas
- Any scheme passes — `mailto:`, `javascript:`, `file:`. If you only want `https`, add a regex validator alongside.
- Bare hostnames (`example.com`) fail. Templates that accept those should pre-prepend `https://` in transform.
- No SSRF protection. The validator does not block private IPs, link-local, or localhost. Use `lib/ssrfGuard.ts` separately for webhook URLs.
- Opt-in `strict: true` runs the value through the shared SSRF guard: only `http:` / `https:` schemes, no loopback / RFC1918 / link-local / metadata-service hosts (169.254.169.254 et al.). Failures return `ssrf_blocked`. Add `require_https: true` to reject `http://` as well, returning `url_scheme`. Default behavior is unchanged.
Related templates
- Accounts
accounts_v1Company-level CRM records: domain, industry, headcount, country, ARR band.
Fields:
domain
Pricing
Validators run on every committed row
Schema-only mode (headers + ≤3 sample rows) is free and unlimited; full-data commits are metered. See plans →