UrlFilter
class UrlFilter
Methods
Filter a URL
Parse a URL and return its components
Rebuild a parsed URL
Sanitize a URL for safe use regardless of context
Validate a parsed URL
Details
at line 22
static mixed
filter(mixed $attrValue, array $urlConfig, Logger|null $logger = null)
Filter a URL
at line 53
static protected array
parseUrl(string $url)
Parse a URL and return its components
Similar to PHP's own parse_url() except that all parts are always returned
at line 98
static protected string
rebuildUrl(array $p)
Rebuild a parsed URL
at line 195
static string
sanitizeUrl(string $url)
Sanitize a URL for safe use regardless of context
This method URL-encodes some sensitive characters in case someone would want to use the URL in some JavaScript thingy, or in CSS. We also encode characters that are not allowed in the path of a URL as defined in RFC 3986 appendix A, including percent signs that are not immediately followed by two hex digits.
" and ' to prevent breaking out of quotes (JavaScript or otherwise) ( and ) to prevent the use of functions in JavaScript (eval()) or CSS (expression()) < and > to prevent breaking out of