link_url looks at a candidate.
verify url checks that a url is a valid and possible uri in the terms of RFC2396
Used in our CGI bin programs, untaint_url takes a scalar and returns it untainted if and only if it's contains only valid url characters and it is a valid url according to verify_url.
A fundamental assumption in using this function is that your software can handle anything which looks like a valid URL, even if it isn't a valid url. E.g.
Fragments have fairly free syntax but RFC 2396 says clearly they should conform to the same character set as URIs. Unfortunately, it seems that many people put spaces in their fragments in contradiction with the RFC since it works in HTML in practice.
We choose not to accept those and people should be able to change over?
If it turns out, as it probably will, that there is a real need for spaces in cross references to other people's documents which can't be fixed then maybe we will have to reconsider.