$sanitizer->url() method

Sanitize and validate given URL or return blank if it can’t be made valid

  • Performs some basic sanitization like adding a scheme to the front if it's missing, but leaves alone local/relative URLs.
  • URL is not required to conform to ProcessWire conventions unless a relative path is given.
  • Please note that URLs should always be entity encoded in your output. Many evil things are technically allowed in a valid URL, so your output should always entity encoded any URLs that came from user input.

Example

$url = $sanitizer->url('processwire.com/api/'); 
echo $sanitizer->entities($url); // outputs: http://processwire.com/api/

Usage

// basic usage
$string = $sanitizer->url(string $value);

// usage with all arguments
$string = $sanitizer->url(string $value, $options = []);

Arguments

NameType(s)Description
valuestring

URL to validate

options (optional)bool, array

Array of options to modify default behavior, including:

  • allowRelative (boolean): Whether to allow relative URLs, i.e. those without domains (default=true).
  • allowIDN (boolean): Whether to allow internationalized domain names (default=false).
  • allowQuerystring (boolean): Whether to allow query strings (default=true).
  • allowSchemes (array): Array of allowed schemes, lowercase (default=[] any).
  • disallowSchemes (array): Array of disallowed schemes, lowercase (default=['file']).
  • requireScheme (bool): Specify true to require a scheme in the URL, if one not present, it will be added to non-relative URLs (default=true).
  • convertEncoded (boolean): Convert most encoded hex characters characters (i.e. “%2F”) to non-encoded? (default=true)
  • encodeSpace (boolean): Encoded space to “%20” or allow “%20“ in URL? Only useful if convertEncoded is true. (default=false)
  • stripTags (bool): Specify false to prevent tags from being stripped (default=true).
  • stripQuotes (bool): Specify false to prevent quotes from being stripped (default=true).
  • maxLength (int): Maximum length in bytes allowed for URLs (default=4096).
  • throw (bool): Throw exceptions on invalid URLs (default=false).

Return value

string

Returns a valid URL or blank string if it can’t be made valid.

Exceptions

Method can throw exceptions on error:

  • WireException - on invalid URLs, only if $options['throw'] is true.


$sanitizer methods and properties

API reference based on ProcessWire core version 3.0.133

Twitter updates

  • ProcessWire 3.0.133 adds a useful new Page::meta() method for a new type of page-specific persistent data storage, adds the ability for users to create their own bookmarks in Lister, and has a handy and time saving update for the asmSelect input type— More
    14 June 2019
  • New post: This week we’ll take a look at 3 different WEBP image strategies that you can use in ProcessWire 3.0.132+. Then we’ll dive into a major update for the Google Client API module, and finish up by outlining some useful new updates in FormBuilder— More
    31 May 2019
  • New post: This week we've added WEBP support in ProcessWire thanks to a GitHub pull request from Horst Nogajski. This enables you to have highly optimized image output in PW and I think you’ll really like the difference it makes— More
    24 May 2019

Latest news

  • ProcessWire Weekly #266
    In the 266th issue of ProcessWire Weekly we're going to take a closer look at ProcessWire 3.0.133 (dev), introduce a third party module called Repeater Images, and highlight a recently released site belonging to the Australian Antarctic Division. Read on!
    Weekly.pw / 15 June 2019
  • ProcessWire 3.0.133 core updates
    ProcessWire 3.0.133 adds a useful new $page->meta() method for a new type of page-specific persistent data storage, adds the ability for users to create their own bookmarks in Lister, and has a handy and time saving update for the asmSelect input type. Read on for all the details, examples and screenshots.
    Blog / 14 June 2019
  • Subscribe to weekly ProcessWire news

“I am currently managing a ProcessWire site with 2 million+ pages. It’s admirably fast, and much, much faster than any other CMS we tested.” —Nickie, Web developer