function check_url in Drupal 8
Same name and namespace in other branches
- 4 includes/common.inc \check_url()
- 5 includes/common.inc \check_url()
- 6 includes/common.inc \check_url()
- 7 includes/common.inc \check_url()
Strips dangerous protocols from a URI and encodes it for output to HTML.
Parameters
$uri: A plain-text URI that might contain dangerous protocols.
Return value
string A URI stripped of dangerous protocols and encoded for output to an HTML attribute value. Because it is already encoded, it should not be set as a value within a $attributes array passed to Drupal\Core\Template\Attribute, because Drupal\Core\Template\Attribute expects those values to be plain-text strings. To pass a filtered URI to Drupal\Core\Template\Attribute, call \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() instead.
Deprecated
in drupal:8.0.0 and is removed from drupal:9.0.0. Use UrlHelper::stripDangerousProtocols() or UrlHelper::filterBadProtocol() instead. UrlHelper::stripDangerousProtocols() can be used in conjunction with \Drupal\Component\Render\FormattableMarkup and an @variable placeholder which will perform the necessary escaping. UrlHelper::filterBadProtocol() is functionality equivalent to check_url() apart from the fact it is protected from double escaping bugs. Note that this method no longer marks its output as safe.
See also
\Drupal\Component\Utility\UrlHelper::stripDangerousProtocols()
\Drupal\Component\Utility\UrlHelper::filterBadProtocol()
https://www.drupal.org/node/2560027
Related topics
1 call to check_url()
- XssUnitTest::testCheckUrl in core/
tests/ Drupal/ KernelTests/ Core/ Common/ XssUnitTest.php - Tests deprecation of the check_url() function.
File
- core/
includes/ common.inc, line 227 - Common functions that many Drupal modules will need to reference.
Code
function check_url($uri) {
@trigger_error(__FUNCTION__ . '() is deprecated in Drupal 8.0.0 and will be removed before Drupal 9.0.0. Use UrlHelper::stripDangerousProtocols() or UrlHelper::filterBadProtocol() instead. See https://www.drupal.org/node/2560027', E_USER_DEPRECATED);
return Html::escape(UrlHelper::stripDangerousProtocols($uri));
}