Sanitize a URL for safe use in href attributes. Rejects javascript:, data:, vbscript: schemes and returns '#' for invalid URLs. Also escapes HTML attribute characters in the URL.
Sanitize a URL for safe use in href attributes. Rejects javascript:, data:, vbscript: schemes and returns '#' for invalid URLs. Also escapes HTML attribute characters in the URL.