Guys, tell me, please, is there anything, that I need to do to protect url from xss attacks or Yii add protection by default? I know about Html::encode, but how about urls? For example, if url is created from user input. Do I need to filter it and do something with it before show in page? Or I can just give all params to yii\helpers\Url class and result will be safe for display?