$sanitizer->url() method

Sanitize and validate given URL or return blank if it can’t be made valid

  • Performs some basic sanitization like adding a scheme to the front if it's missing, but leaves alone local/relative URLs.
  • URL is not required to conform to ProcessWire conventions unless a relative path is given.
  • Please note that URLs should always be entity encoded in your output. Many evil things are technically allowed in a valid URL, so your output should always entity encoded any URLs that came from user input.

Example

$url = $sanitizer->url('processwire.com/api/'); 
echo $sanitizer->entities($url); // outputs: http://processwire.com/api/

Usage

// basic usage
$string = $sanitizer->url(string $value);

// usage with all arguments
$string = $sanitizer->url(string $value, $options = []);

Arguments

NameType(s)Description
valuestring

URL to validate

options (optional)bool, array

Array of options to modify default behavior, including:

  • allowRelative (boolean): Whether to allow relative URLs, i.e. those without domains (default=true).
  • allowIDN (boolean): Whether to allow internationalized domain names (default=false).
  • allowQuerystring (boolean): Whether to allow query strings (default=true).
  • allowSchemes (array): Array of allowed schemes, lowercase (default=[] any).
  • disallowSchemes (array): Array of disallowed schemes, lowercase (default=['file']).
  • requireScheme (bool): Specify true to require a scheme in the URL, if one not present, it will be added to non-relative URLs (default=true).
  • convertEncoded (boolean): Convert most encoded hex characters characters (i.e. “%2F”) to non-encoded? (default=true)
  • encodeSpace (boolean): Encoded space to “%20” or allow “%20“ in URL? Only useful if convertEncoded is true. (default=false)
  • stripTags (bool): Specify false to prevent tags from being stripped (default=true).
  • stripQuotes (bool): Specify false to prevent quotes from being stripped (default=true).
  • maxLength (int): Maximum length in bytes allowed for URLs (default=4096).
  • throw (bool): Throw exceptions on invalid URLs (default=false).

Return value

string

Returns a valid URL or blank string if it can’t be made valid.

Exceptions

Method can throw exceptions on error:

  • WireException - on invalid URLs, only if $options['throw'] is true.


$sanitizer methods and properties

API reference based on ProcessWire core version 3.0.148

Twitter updates

  • Weekly update for Jan 10, 2020—front-end file uploads in LoginRegisterPro with InputfieldFrontendFile module: More
    10 January 2020
  • If you haven't seen it yet, be sure to check out this great infographic by @teppokoivula in ProcessWire Weekly #294— How ProcessWire professionals work—the results of our recent weekly polls summarised: weekly.pw/issue/294/#how…
    3 January 2020
  • Today we have a new master version released, 3.0.148! There are 25 new versions worth of upgrades, fixes and optimizations in this new master version, relative to the previous. In this post we take a closer look at what’s new, how to upgrade, & more— More
    3 January 2020

Latest news

  • ProcessWire Weekly #298
    In the 298th issue of ProcessWire Weekly we're going to take a quick look at the latest core updates, introduce the PWGeeks project, and highlight some recently released ProcessWire content. Read on!
    Weekly.pw / 25 January 2020
  • ProcessWire 3.0.148 new master
    Today we have a new master version released, version 3.0.148! The last master version was 3.0.123, so there are 25 new versions worth of upgrades, fixes and optimizations in this new master version, relative to the previous. In this post we’ll take a closer look at what’s new, how to upgrade, and more.
    Blog / 3 January 2020
  • Subscribe to weekly ProcessWire news

“We chose ProcessWire because of its excellent architecture, modular extensibility and the internal API. The CMS offers the necessary flexibility and performance for such a complex website like superbude.de. ProcessWire offers options that are only available for larger systems, such as Drupal, and allows a much slimmer development process.” —xport communication GmbH