WordPress.org

Function Reference/esc url

Contents 1 Description 2 Usage 3 Parameters 4 Return Values 5 Examples 6 Notes 7 Changelog 8 Source File 9 Related

Description

Always use esc_url when sanitizing URLs (in text nodes, attribute nodes or anywhere else). Rejects URLs that do not have one of the provided whitelisted protocols (defaulting to http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed, and telnet), eliminates invalid characters, and removes dangerous characters. This function encodes characters as HTML entities: use it when generating an (X)HTML or XML document. Encodes ampersands (&) and single quotes (') as numeric entity references (&#038, &#039).

Replaces the deprecated clean_url().

Usage

<?php esc_url( $url, $protocols, $_context ); ?>

Parameters

$url

(string) (required) The URL to be cleaned.

Default: None

$protocols

(array) (optional) An array of acceptable protocols. Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.

Default: null

$_context

(string) (optional) How the URL will be used. Default is 'display'.

Default: 'display'

Return Values

(string) 

The cleaned $url after the 'cleaned_url' filter is applied.

Examples

Notes

Changelog

• Since: 2.8

Source File

esc_url() is located in wp-includes/formatting.php.

Related

• esc_html()
• esc_attr()
• esc_textarea()
• esc_js()
• esc_url()
  • esc_url_raw()
  • urlencode()
  • urlencode_deep()

See the Data Validation article for an in-depth discussion of input and output sanitization.

• Home Page
• WordPress Lessons
• Getting Started
• Working with WordPress
• Design and Layout
• Advanced Topics
• Troubleshooting
• Developer Docs
• About WordPress

Codex Resources

• Community portal
• Current events
• Recent changes
• Random page
• Help