function check_url in Drupal 8

Same name and namespace in other branches

1. 4 includes/common.inc \check_url()
2. 5 includes/common.inc \check_url()
3. 6 includes/common.inc \check_url()
4. 7 includes/common.inc \check_url()

Strips dangerous protocols from a URI and encodes it for output to HTML.

Parameters

$uri: A plain-text URI that might contain dangerous protocols.

Return value

string A URI stripped of dangerous protocols and encoded for output to an HTML attribute value. Because it is already encoded, it should not be set as a value within a $attributes array passed to Drupal\Core\Template\Attribute, because Drupal\Core\Template\Attribute expects those values to be plain-text strings. To pass a filtered URI to Drupal\Core\Template\Attribute, call \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() instead.

See also

\Drupal\Component\Utility\UrlHelper::stripDangerousProtocols()

\Drupal\Component\Utility\UrlHelper::filterBadProtocol()

https://www.drupal.org/node/2560027

Related topics

1 call to check_url()

XssUnitTest::testCheckUrl in core/tests/Drupal/KernelTests/Core/Common/XssUnitTest.php

Tests deprecation of the check_url() function.

File

core/includes/common.inc, line 227

Common functions that many Drupal modules will need to reference.

Code

function check_url($uri) {
  @trigger_error(__FUNCTION__ . '() is deprecated in Drupal 8.0.0 and will be removed before Drupal 9.0.0. Use UrlHelper::stripDangerousProtocols() or UrlHelper::filterBadProtocol() instead. See https://www.drupal.org/node/2560027', E_USER_DEPRECATED);
  return Html::escape(UrlHelper::stripDangerousProtocols($uri));
}