TYPO3 Core

While & (HTML) should be converted to & for the URL whitespaces as in your example are not supposed to be in the frontend. If that works it is pure luck. They would be encoded to %20 and become part of the path.

So I think a `html_entity_decode()` between fetching from HTML and further processing should be used.

Thanks for pointing out the issue!

I think the html_entity_decode() looks like a good solution.

The problem is, TYPO3 gives us (as result from the linkref functions) the URL as should be used in the BE form fields. So it is encoded with &

If an URL that ends with (unencoded) whitespace valid? I think not. I agree with Jonas here. Actually I think these things should be validated much earlier, preferably in the link wizard. Adding a trim() now would actually mask the problem that this is an invalid URL which should have been invalidated or sanitized earlier.

Whitespaces should be encoded in the URL, as stated above. Whitespaces will currently already cause problems - independent of linkvalidator - if you enter URLs with whitespaces unencoded in the link wizard, but that is something that probably should be handled in the linkwizard itself.

Examples:

• this is not a valid URL: "https://example.org/path with spaces?id=1&id2=2"
• nor is this: "https://example.org/ "
• this is: "https://example.org/path%20with%20spaces?id=1&id2=2"

You can use PHP filter_var

e.g.

if (filter_var($url, FILTER_VALIDATE_URL) === false) {
print("not a valid URL");
}

see https://stackoverflow.com/questions/2058578/best-way-to-check-if-a-url-is-valid

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62645