$sanitizer->url() method

Sanitize and validate given URL or return blank if it can’t be made valid

  • Performs some basic sanitization like adding a scheme to the front if it's missing, but leaves alone local/relative URLs.
  • URL is not required to conform to ProcessWire conventions unless a relative path is given.
  • Please note that URLs should always be entity encoded in your output. Many evil things are technically allowed in a valid URL, so your output should always entity encoded any URLs that came from user input.

Example

$url = $sanitizer->url('processwire.com/api/'); 
echo $sanitizer->entities($url); // outputs: http://processwire.com/api/

Usage

// basic usage
$string = $sanitizer->url(string $value);

// usage with all arguments
$string = $sanitizer->url(string $value, $options = []);

Arguments

NameType(s)Description
valuestring

URL to validate

options (optional)bool, array

Array of options to modify default behavior, including:

  • allowRelative (boolean): Whether to allow relative URLs, i.e. those without domains (default=true).
  • allowIDN (boolean): Whether to allow internationalized domain names (default=false).
  • allowQuerystring (boolean): Whether to allow query strings (default=true).
  • allowSchemes (array): Array of allowed schemes, lowercase (default=[] any).
  • disallowSchemes (array): Array of disallowed schemes, lowercase (default=['file']).
  • requireScheme (bool): Specify true to require a scheme in the URL, if one not present, it will be added to non-relative URLs (default=true).
  • convertEncoded (boolean): Convert most encoded hex characters characters (i.e. “%2F”) to non-encoded? (default=true)
  • encodeSpace (boolean): Encoded space to “%20” or allow “%20“ in URL? Only useful if convertEncoded is true. (default=false)
  • stripTags (bool): Specify false to prevent tags from being stripped (default=true).
  • stripQuotes (bool): Specify false to prevent quotes from being stripped (default=true).
  • maxLength (int): Maximum length in bytes allowed for URLs (default=4096).
  • throw (bool): Throw exceptions on invalid URLs (default=false).

Return value

string

Returns a valid URL or blank string if it can’t be made valid.

Exceptions

Method can throw exceptions on error:

  • WireException - on invalid URLs, only if $options['throw'] is true.


$sanitizer methods and properties

API reference based on ProcessWire core version 3.0.200

Twitter updates

  • Weekly update: Smooth rollout for ProcessWire 3.0.200 main/master, plus getting started on a new WP-to-PW site conversion and why they can be so rewarding— More
    20 May 2022
  • New main/master version of ProcessWire that has more than 220 commits, resolves more than 80 issues, adds numerous new features, performance improvements and optimizations, and consumes HALF the disk space of our previous release— More
    13 May 2022
  • Summary of weekly core updates for 22 April 2022 More
    22 April 2022

Latest news

  • ProcessWire Weekly #419
    In issue 419 of ProcessWire Weekly we'll check out this week's core updates, introduce a brand new recipe of the week, and more. Read on!
    Weekly.pw / 21 May 2022
  • ProcessWire 3.0.200 new master/main version
    This new main/master version has more than 220 commits, resolves more than 80 issues, adds numerous new features, performance improvements and optimizations, and consumes HALF the disk space of our previous release. This post covers all the details.
    Blog / 13 May 2022
  • Subscribe to weekly ProcessWire news

I just love the easy and intuitive ProcessWire API. ProcessWire rocks!” —Jens Martsch, Web developer