Skip navigation
Help

check_url

6 common.inc check_url($uri)
7 common.inc check_url($uri)

Strips dangerous protocols (e.g. 'javascript:') from a URI and encodes it for output to an HTML attribute value.

Parameters

$uri: A plain-text URI that might contain dangerous protocols.

Return value

A URI stripped of dangerous protocols and encoded for output to an HTML attribute value. Because it is already encoded, it should not be set as a value within a $attributes array passed to drupal_attributes(), because drupal_attributes() expects those values to be plain-text strings. To pass a filtered URI to drupal_attributes(), call drupal_strip_dangerous_protocols() instead.

See also

drupal_strip_dangerous_protocols()

Related topics

16 calls to check_url()

File

drupal/includes/common.inc, line 1284
Common functions that many Drupal modules will need to reference.

Code

function check_url($uri) {
  return check_plain(drupal_strip_dangerous_protocols($uri));
}