esc_url_raw()WP 2.8.0

Cleans URL for use in database query, redirects, and HTTP requests. Not cleans for a safe display.

Do not use this function if the URL is displayed in HTML code (on the screen). Use esc_url() instead — it replaces HTML entities — it will protect you against XSS attacks

This function is an alias for sanitize_url().

Uses: esc_url()
1 time — 0.000071 sec (very fast) | 50000 times — 1.60 sec (fast)

No Hooks.

Return

String. The cleaned URL. Return an empty if the URL contains the protocol not specified in $protocols.

Usage

esc_url_raw( $url, $protocols );
$url(string) (required)
The URL to be cleaned.
$protocols(array)
An array of acceptable protocols. By default: http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed, telnet.
Default: null

Examples

0

#1 Basic Example

echo esc_url_raw( '//example.com/foo?bar' ); // //example.com/foo?bar
echo esc_url_raw( '/example.com/foo?bar' );  // /example.com/foo?bar
echo esc_url_raw( '/example/foo?bar' );      // /example/foo?bar
echo esc_url_raw( '/' );                     // /

echo esc_url_raw( 123 );   // http://123
echo esc_url_raw( '123' ); // http://123

var_dump( esc_url_raw( '' ) );    // string(0) ""
var_dump( esc_url_raw( false ) ); // string(0) ""
var_dump( esc_url_raw( null ) );  // string(0) ""
var_dump( esc_url_raw( [] ) );    // string(0) ""

$url = 'http://example.com?foo=<script>/some</script>';
echo esc_url_raw( $url ); // http://example.com?foo=script/some/script
echo esc_url( $url );     // http://example.com?foo=script/some/script
0

#2 URL cleaning for use in request

$url = 'http://example.com';
$response = wp_remote_get( esc_url_raw( $url ) );
if ( ! is_wp_error( $response ) ) {
	echo wp_remote_retrieve_body( $response );
}
0

#3 Wrong usage

<!-- WRONG! Use should use esc_url() instead! -->
<img src='<?php echo esc_url_raw( $url ); ?>' />
<a href='<?php echo esc_url_raw( $url ); ?>'>Example</a>

Notes

Changelog

Since 2.8.0 Introduced.
Since 6.1.0 Turned into an alias for sanitize_url().

esc_url_raw() code WP 6.7.1

function esc_url_raw( $url, $protocols = null ) {
	return sanitize_url( $url, $protocols );
}