html – Principally, is input type=”text” instead input type=”url” a security problem for “website” form fields?

I have a simple HTML-PHP-CSS contact form (no JavaScript) with some trivial fields sent via PHP’s mail() function. One of the fields is “website” field in which a user should input a website domain (if relevant).


If I add to the form field with input type="url" it obligates users to add a protocol prefix such as http:// or https:// to any website domain or full URL.

Most users don’t even think about adding a protocol prefix and would get an error for lacking it and the form won’t be submitted without it (some users might not understand the error) so accessibilitywise I have figured that I shouldn’t use input type="url" at all and should find another kind of input field to ask for a website domain.


I thought about changing type="url" to type="text".

Perhaps there are some security considerations if one takes that approach.

Principally, is input type="text" instead input type="url" a security problem for “website” form fields?