URL Validation In Gravity Forms

Within Gravity Forms, URL validation methods exist to heighten security as well as avoid possible bugs. In this article, we will explain how URL validation works in Gravity Forms, and how to manipulate it.

What is URL validation?

URL validation is something that occurs within nearly all software and ensures the data submitted is the data expected. Doing so avoids issues related to security or bugs. By only allowing specific things to be passed, the probability of issues arising is significantly decreased.

How are URLs validated?

Within Gravity Forms, URLs are validated using multiple methods:

  • Checking that they begin with ‘http://’ or ‘https://’.
    $is_valid = ( strpos( $url, 'http://' ) === 0 || strpos( $url, 'https://' ) === 0 );
  • RFC validation of URLs using the filter_var() function.
    $is_valid = $is_valid && filter_var( $url, FILTER_VALIDATE_URL ) !== false;


Since Gravity Forms uses the PHP filter FILTER_VALIDATE_URL to validate URLs, the first course of action is to make sure your version of PHP is up-to-date.

If the issue persists on an up-to-date version of PHP, it is probably due to RFC standard limitations. The RFC standard is very strict, and does not account for some URLs that are valid. For example, it doesn’t support Hebrew characters even though there are URLs with those characters being used. To get around that problem, you can disable RFC validation. The following can be added to your theme or plugin:

add_filter( 'gform_rfc_url_validation', '__return_false' );

Another alternative is to implement your own custom URL validation logic. That can be done with the gform_is_valid_url filter.

Validation hooks

Following are the hooks that be used to change the default URL validation methods: