function check_url

Strips dangerous protocols from a URI and encodes it for output to HTML.

Parameters

$uri: A plain-text URI that might contain dangerous protocols.

Return value

A URI stripped of dangerous protocols and encoded for output to an HTML attribute value. Because it is already encoded, it should not be set as a value within a $attributes array passed to Drupal\Core\Template\Attribute, because Drupal\Core\Template\Attribute expects those values to be plain-text strings. To pass a filtered URI to Drupal\Core\Template\Attribute, call drupal_strip_dangerous_protocols() instead.

See also

\Drupal\Component\Utility\Url::stripDangerousProtocols()

\Drupal\Component\Utility\String::checkPlain()

Related topics

21 calls to check_url()
CommentTokenReplaceTest::testCommentTokenReplacement in drupal/core/modules/comment/lib/Drupal/comment/Tests/CommentTokenReplaceTest.php
Creates a comment, then tests the tokens generated from it.
comment_tokens in drupal/core/modules/comment/comment.tokens.inc
Implements hook_tokens().
DisplayPluginBase::renderMoreLink in drupal/core/modules/views/lib/Drupal/views/Plugin/views/display/DisplayPluginBase.php
Render the 'more' link
format_rss_channel in drupal/core/includes/common.inc
Formats an RSS channel.
format_rss_item in drupal/core/includes/common.inc
Formats a single RSS item.

... See full list

File

drupal/core/includes/common.inc, line 904
Common functions that many Drupal modules will need to reference.

Code

function check_url($uri) {
  return String::checkPlain(UrlValidator::stripDangerousProtocols($uri));
}