Via Jeff Attwood's post, in summary (because his posts tend to be very, hmm, thorough):
The primary improvement here is that we're only accepting a whitelist of known good URL characters. Allowing arbitrary random characters in URLs is setting yourself up for XSS exploits, and I can tell you that from personal experience. Don't do it! We only allow certain characters to "end" the URL. Ending a URL in common punctuation marks like period, exclamation point, semicolon, etc means those characters will be considered end-of-hyperlink characters and not included in the URL. Parens, if present, are allowed in the URL -- and we absorb the leading paren, if it is there, too.
The regular expression is:
\(?\bhttp://[-A-Za-z0-9+&@#/%?=~_()|!:,.;]*[-A-Za-z0-9+&@#/%=~_()|]
![[KickIt]](http://www.dotnetkicks.com/favicon.ico)
![[Dzone]](http://www.dzone.com/favicon.ico)
![[Digg]](http://www.digg.com/favicon.ico)
![[Reddit]](http://www.reddit.com/favicon.ico)
![[del.icio.us]](http://del.icio.us/static/img/delicious.med.gif)
![[Facebook]](http://www.facebook.com/favicon.ico)
![[Technorati]](http://www.technorati.com/favicon.ico)
![[Google]](http://www.google.com/favicon.ico)
![[StumbleUpon]](http://www.stumbleupon.com/favicon.ico)
Tags: regex, coding