8.5.x common.inc check_url($uri)
8.0.x common.inc check_url($uri)
8.1.x common.inc check_url($uri)
8.2.x common.inc check_url($uri)
8.3.x common.inc check_url($uri)
8.4.x common.inc check_url($uri)
8.6.x common.inc check_url($uri)
4.6.x common.inc check_url($uri)
4.7.x common.inc check_url($uri)
5.x common.inc check_url($uri)
6.x common.inc check_url($uri)
7.x common.inc check_url($uri)

Strips dangerous protocols from a URI and encodes it for output to HTML.


$uri: A plain-text URI that might contain dangerous protocols.

Return value

A URI stripped of dangerous protocols and encoded for output to an HTML attribute value. Because it is already encoded, it should not be set as a value within a $attributes array passed to drupal_attributes(), because drupal_attributes() expects those values to be plain-text strings. To pass a filtered URI to drupal_attributes(), call drupal_strip_dangerous_protocols() instead.

See also


Related topics

14 calls to check_url()
CommentTokenReplaceTestCase::testCommentTokenReplacement in modules/comment/comment.test
Creates a comment, then tests the tokens generated from it.
CommonURLUnitTest::testLXSS in modules/simpletest/tests/common.test
Confirm that invalid text given as $path is filtered.
CommonXssUnitTest::testBadProtocolStripping in modules/simpletest/tests/common.test
Check that harmful protocols are stripped.
format_rss_channel in includes/common.inc
Formats an RSS channel.
format_rss_item in includes/common.inc
Formats a single RSS item.

... See full list


includes/common.inc, line 1436
Common functions that many Drupal modules will need to reference.


function check_url($uri) {
  return check_plain(drupal_strip_dangerous_protocols($uri));