check_url($uri)
Strips dangerous protocols from a URI and encodes it for output to HTML.
$uri: A plain-text URI that might contain dangerous protocols.
string A URI stripped of dangerous protocols and encoded for output to an HTML attribute value. Because it is already encoded, it should not be set as a value within a $attributes array passed to Drupal\Core\Template\Attribute, because Drupal\Core\Template\Attribute expects those values to be plain-text strings. To pass a filtered URI to Drupal\Core\Template\Attribute, call \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() instead.
in Drupal 8.0.x-dev, will be removed before Drupal 9.0.0. Use UrlHelper::stripDangerousProtocols() or UrlHelper::filterBadProtocol() instead. UrlHelper::stripDangerousProtocols() can be used in conjunction with \Drupal\Component\Utility\SafeMarkup::format() and an @variable placeholder which will perform the necessary escaping. UrlHelper::filterBadProtocol() is functionality equivalent to check_url() apart from the fact it is protected from double escaping bugs. Note that this method no longer marks its output as safe.
\Drupal\Component\Utility\UrlHelper::stripDangerousProtocols()
\Drupal\Component\Utility\UrlHelper::filterBadProtocol()
function check_url($uri) {
return Html::escape(UrlHelper::stripDangerousProtocols($uri));
}
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!includes!common.inc/function/check_url/8.1.x