esc_url_raw() WP 2.8.0
Cleans URL for use in database query, redirects, and HTTP requests. Not cleans for a safe display.
Do not use this function if the URL is displayed in HTML code (on the screen). Use esc_url() instead — it replaces HTML entities — it will protect you against XSS attacks
Works based on:
esc_url()✈ 1 time = 0.000071s = very fast | 50000 times = 1.60s = fast
No Hooks.
Return
String. The cleaned URL. Return an empty if the URL contains the protocol not specified in $protocols.
Usage
esc_url_raw( $url, $protocols );
- $url(string) (required)
- The URL to be cleaned.
- $protocols(array)
- An array of acceptable protocols. By default:
http,https,ftp,ftps,mailto,news,irc,gopher,nntp,feed,telnet.
Default:null
Examples
#1 Basic Example
$url = 'http://example.com?foo=<script>/some</script>'; echo esc_url_raw( $url ); // http://example.com?foo=script/some/script echo esc_url( $url ); // http://example.com?foo=script/some/script
#2 URL cleaning for use in request
$url = 'http://example.com';
$response = wp_remote_get( esc_url_raw( $url ) );
if ( ! is_wp_error( $response ) ) {
echo wp_remote_retrieve_body( $response );
}
#3 Wrong usage
<!-- WRONG! Use should use esc_url() instead! --> <img src='<?php echo esc_url_raw( $url ); ?>' /> <a href='<?php echo esc_url_raw( $url ); ?>'>Example</a>
Changelog
| Since 2.8.0 | Introduced. |
Code of esc url raw:
wp-includes/formatting.php
WP 5.2.2
Related Functions
From tag: esc_ (clean validate sanitize)
More from category: Sanitizing, Escaping
- sanitize_email()
- sanitize_file_name()
- sanitize_html_class()
- sanitize_option()
- sanitize_post_field()
- sanitize_text_field()
