fix #1545 and close #1547

var/Widget/Base/Comments.php

@@ -268,7 +268,7 @@ class Comments extends Base implements QueryInterface
         $noFollow = (null === $noFollow) ? $this->options->commentsUrlNofollow : $noFollow;
 
         if ($this->url && $autoLink) {
-            echo '<a href="' . $this->url . '"'
+            echo '<a href="' . Common::safeUrl($this->url) . '"'
                 . ($noFollow ? ' rel="external nofollow"' : null) . '>' . $this->author . '</a>';
         } else {
             echo $this->author;

var/Widget/Feedback.php

@@ -206,7 +206,7 @@ class Feedback extends Comments implements ActionInterface
             /** Anti-XSS */
             $comment['author'] = $this->request->filter('trim')->author;
             $comment['mail'] = $this->request->filter('trim')->mail;
-            $comment['url'] = $this->request->filter('trim')->url;
+            $comment['url'] = $this->request->filter('trim', 'url')->url;
 
             /** 修正用户提交的url */
             if (!empty($comment['url'])) {
@@ -305,7 +305,7 @@ class Feedback extends Comments implements ActionInterface
         ];
 
         $trackback['author'] = $this->request->filter('trim')->blog_name;
-        $trackback['url'] = $this->request->filter('trim')->url;
+        $trackback['url'] = $this->request->filter('trim', 'url')->url;
         $trackback['text'] = $this->request->excerpt;
 
         //检验格式

var/Widget/Options.php

@@ -82,7 +82,7 @@ if (!defined('__TYPECHO_ROOT_DIR__')) {
  * @property bool $commentsRequireModeration
  * @property bool $commentsWhitelist
  * @property bool $commentsRequireMail
- * @property bool $commentsRequireURL
+ * @property bool $commentsRequireUrl
  * @property bool $commentsCheckReferer
  * @property bool $commentsAntiSpam
  * @property bool $commentsAutoClose