I’m confused about URL sanitization in meta boxes

Choice between esc_url and esc_url_raw depends on the use you have to do with the url.

If you have to use the url to display inside html use esc_url, E.g.:

$my_link = get_post_meta( $post->ID, 'mod_modbox_link', true );
echo '<a href="' . esc_url($my_link) . '">Open link</a>'

esc_url_raw should be used for any other use, where the url should be treated as a valid url, e.g. redirect:

$my_link = get_post_meta( $post->ID, 'mod_modbox_link', true );
wp_redirect( esc_url_raw($my_link) );

or HTTP API functions:

$my_link = get_post_meta( $post->ID, 'mod_modbox_link', true );
$response = wp_remote_get( esc_url_raw($my_link) );

This is because esc_url converts special htmlentities in their encoded versions, esc_url_raw doesn’t.
E.g. if your url is something like http://example.com/index.php?foo=bar&bar=baz that is a full valid url, when you use esc_url the & is converted in &#038 not when you use esc_url_raw.

Codex say to use esc_url_raw also to save url in db, and in your case the post meta is saved in database, so you should use esc_url_raw when you set the meta:

$link = isset($_POST['meta']) ? esc_url_raw($_POST['meta']) : '';
update_post_meta( $post_id, 'mod_modbox_link', $link );

Then when you retrieve it, use esc_url_raw or esc_url according to your needs: if you have to print in the html use esc_url otherwise use esc_url_raw.

Related Posts:

  1. how to sanitize checkbox input?
  2. Custom-Metaboxes-and-Fields text_url field prepending http://
  3. How to set default screen options?
  4. Add “upload media” button in meta box field
  5. Does WordPress have a “Form API”?
  6. Metabox with checkbox is not updating
  7. Hiding a theme’s meta box
  8. Block metabox – No expanding, no moving around
  9. Access the environment of an admin page from another admin page
  10. Add filter ‘wpautop’ to meta box textarea
  11. add_meta_box does not go ‘side’
  12. Getting jQuery sortable items in custom metabox
  13. How do I stop HTML entities in a custom meta box from being un-htmlentitied?
  14. meta content on required pages
  15. Dynamically Creating Meta Boxes
  16. remove_meta_box for all post types doesn’t seem to work
  17. Position right sidebar metabox right below the publish metabox?
  18. MetaBox Layout for all users
  19. How to store multiple input values with same meta_key
  20. post-excerpt not one of the options under screen options
  21. How to remove/hide the predictive autocomplete popup when I type in the tag/term metabox
  22. make a excerpt on data from a meta box?
  23. How to put Periods and Spaces for Array Values (Meta Key)
  24. Meta box io oembed returns list not array
  25. How to verify meta box is registered in Unit Testing?
  26. Add a custom field to top attribute in WooCommerce
  27. wp_editor in metabox not working
  28. Add_meta_box not appearing, but does appear in screen options
  29. Change the post date from a meta box
  30. update_post_meta and get_post_meta not working
  31. Customize WordPress Media Upload and New Media Manager Menu in add post Metabox
  32. Repeatable custom meta fields
  33. Get all meta boxes values
  34. How to display a custom post type’s media library inline on meta box
  35. Modules with meta box implementations
  36. Metabox saves on Update or Publish, but not on Saving Draft
  37. Checkbox on a meta box using CMB2 Plugin
  38. Decide Metabox Configurations for All Users
  39. metabox select – frontend display
  40. save_post action to include wp_insert_post_data filter, gathering meta field info & prevent infinite loop
  41. Set default post author to none on new post
  42. how to save and get selected item id list with add_meta_box
  43. How to have meta boxes save via REST in Gutenberg?
  44. Remove anchor tag from meta box link
  45. Show preview of post changes on page
  46. Add Metabox to settings / options page
  47. Undefined index error in custom post metabox
  48. WPAlchemy MediaAccess inserting media link in WP Editor instead of custom field in metabox [closed]
  49. Meta Box will not display
  50. cannot grab post meta from extended Walker_Category class properly
  51. Resetting admin post form on JS validation fail
  52. How do you List all Sidebars in a Metabox
  53. Create more Meta Boxes as needed
  54. Add a meta box to ALL Pages
  55. How can i use this meta box function in my template ? (WordPress)
  56. How to disable Author dropdown in Gutenberg’s Status and Visibility panel
  57. How to remove some metaboxes for CPTs?
  58. How to add metabox ONLY to specific WooCommerce product type [closed]
  59. Why does not my metabox save?
  60. Add metabox without the container
  61. wpalchemi metabox doesn’t show value from my post type
  62. HTML Table creator in metabox to put into post theme
  63. Display stored value in Meta Box
  64. How to use Gutenberg in CMB2?
  65. Display Content if custom meta box checkbox is checked
  66. How to add meta box for current post format?
  67. How to check specific value in two metabox?
  68. How to show taxonomy terms from wordpress database?
  69. link featured image to external link
  70. How can i get multi checkboxes value in metbox?
  71. Understanding WordPress’ post type support
  72. save radio button selection in post-meta on submit
  73. ShortCut on meta boxes
  74. Post edit screen: How to check if meta_box is registered?
  75. How using the Meta Box plugin, to filter posts by the value of a post type field?
  76. How to ‘clone’ select metabox options with a callback function? [closed]
  77. Saving multiple fields (dropdown and text) in custom metabox
  78. save meta data of custom post type: WP_Error has no effect, even if insufficient capabilities
  79. display all registered meta boxes
  80. where can i see the registered new field for posts using register_meta() ?
  81. update_post_meta doesn’t work
  82. Resposive admin classes?
  83. Make metabox always be on top (sticky)
  84. Ridiculous problem with CDATA [duplicate]
  85. Can’t save drop down select date in meta boxes
  86. WordPress check if value equals and echo “checked”
  87. Custom metabox for file upload return empty filename
  88. Video slideshow
  89. Meta Box Value not saving / populating?
  90. Customer portal (posts as checklist)
  91. How to set default screen options?
  92. Reload meta box content with AJAX
  93. Option to delete value in metabox
  94. why esc_url not working in smartmetabox
  95. Change Default Custom Fields Metabox Name on cctm plugin
  96. How to create metabox that can be queried in the database?
  97. Form submit from modal window to parent window
  98. Allow iframe in custom meta box
  99. Datepicker altField and altFormat to save a new meta key/value in a post?
  100. Is there a way to remove the Add boxes from the Screen Options menu metabox?