The |attribut_url filter must be applied to a tag when its value is used as the href or src attribute of an HTML tag, in order to secure this usage.
This filter is therefore the equivalent of |attribut_html adapted to URLs, as |attribut_html itself makes changes that would break URLs.
Examples:
1) Securing the URL of a link contained in an environment variable:
[<a href='(#ENV*{link}|attribut_url)'>]
2) In the template squelettes-dist/modeles/favicon.html, the |attribut_url filter secures the #ENV*{favicon} tag, which comes from the environment and whose content may be dangerous.
[<link rel="shortcut icon" href="(#ENV*{favicon}
|sinon{#CHEMIN{favicon.ico}}
|sinon{#CHEMIN{spip.ico}}|attribut_url)" type="image/x-icon">]
Language strings
The attribut_url filter must also be used on language strings returning a URL.