function check_url in Drupal 7
Same name and namespace in other branches
- 8 core/includes/common.inc \check_url()
- 4 includes/common.inc \check_url()
- 5 includes/common.inc \check_url()
- 6 includes/common.inc \check_url()
Strips dangerous protocols from a URI and encodes it for output to HTML.
Parameters
$uri: A plain-text URI that might contain dangerous protocols.
Return value
A URI stripped of dangerous protocols and encoded for output to an HTML attribute value. Because it is already encoded, it should not be set as a value within a $attributes array passed to drupal_attributes(), because drupal_attributes() expects those values to be plain-text strings. To pass a filtered URI to drupal_attributes(), call drupal_strip_dangerous_protocols() instead.
See also
drupal_strip_dangerous_protocols()
Related topics
17 calls to check_url()
- CommentTokenReplaceTestCase::testCommentTokenReplacement in modules/
comment/ comment.test - Creates a comment, then tests the tokens generated from it.
- comment_tokens in modules/
comment/ comment.tokens.inc - Implements hook_tokens().
- CommonURLUnitTest::testLXSS in modules/
simpletest/ tests/ common.test - Confirm that invalid text given as $path is filtered.
- CommonXssUnitTest::testBadProtocolStripping in modules/
simpletest/ tests/ common.test - Check that harmful protocols are stripped.
- format_rss_channel in includes/
common.inc - Formats an RSS channel.
File
- includes/
common.inc, line 1451 - Common functions that many Drupal modules will need to reference.
Code
function check_url($uri) {
return check_plain(drupal_strip_dangerous_protocols($uri));
}