Strips dangerous protocols from a URI and encodes it for output to HTML.
$uri: A plain-text URI that might contain dangerous protocols.
A URI stripped of dangerous protocols and encoded for output to an HTML attribute value. Because it is already encoded, it should not be set as a value within a $attributes array passed to Drupal\Core\Template\Attribute, because Drupal\Core\Template\Attribute expects those values to be plain-text strings. To pass a filtered URI to Drupal\Core\Template\Attribute, call drupal_strip_dangerous_protocols() instead.
\Drupal\Component\Utility\Url::stripDangerousProtocols()
\Drupal\Component\Utility\String::checkPlain()
function check_url($uri) {
return String::checkPlain(UrlValidator::stripDangerousProtocols($uri));
}