Does specifying "http://" or "https://" eliminate risk of attacks in user-input links?
I want to allow users to make links in my web app that other users can see. I don't want them to be able to run any javascript or xss or anything, of course. Does a simple "http://" at the beginning eliminate those problems? That is, if an href starts with "http://", can I let my users click it without worrying too much?
As long as you escape html tags and quotes in the links they post, there won't be any problem.
Obviously, if a site contains a reflected xss, such as http://example.com/?x=<script>...</script> and such a link is posted, you can't avoid the xss if the page they're redirected to is xss vulnerable.
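As an added example (not code from the question or the answer above), here is how a web app could apply the two points the answer makes: allowlist the URL scheme rather than checking for a literal "http://" prefix, and HTML-escape the value before it lands in an href attribute. The function names (`sanitizeLink`, `renderLink`, `escapeHtml`) and the sample inputs are assumptions made up for the example; it uses the WHATWG `URL` class available in browsers and Node.

```javascript
// Added example, not from the original Q&A. Assumes a browser or Node runtime
// that provides the WHATWG URL class.

// Only these schemes may appear in a user-supplied href. javascript:, data:,
// vbscript: and anything else is rejected outright.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Escape the five characters that matter inside HTML text and quoted attributes.
// '&' must be escaped too: a query string like ?a=1&b=2 is otherwise ambiguous
// inside an attribute value.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Parse the input as an absolute URL and check its scheme against the allowlist.
// Returns the normalized URL (lower-cased scheme and host, percent-encoded
// query) or null if the input is relative, unparsable or uses another scheme.
// A plain startsWith("http://") check would accept the same inputs here but
// would reject "HTTP://..." and would not normalize anything; the parser also
// percent-encodes <, >, " and ' in the query, which is defence in depth only.
function sanitizeLink(input) {
  let url;
  try {
    url = new URL(String(input).trim()); // relative input throws TypeError
  } catch (e) {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href;
}

// Build the anchor markup for a user-supplied link, or return null if the
// link was rejected. Both the href and the link text are escaped, so a value
// that survived the scheme check still cannot break out of the attribute.
// A link to a third-party page that is itself XSS-vulnerable is accepted:
// that is the caveat the answer gives, and no check on this side can fix it.
function renderLink(input, text) {
  const href = sanitizeLink(input);
  if (href === null) return null;
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs for a stand-alone run.
const samples = [
  "https://example.com/path",
  "  HTTP://Example.COM/a ",
  "http://example.com/?x=<script>",
  "javascript:void(0)",
  "data:text/plain,hi",
  "example.com",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", renderLink(s, "user link"));
}
```

The scheme check is done on the parsed `url.protocol`, not on the raw string, so leading whitespace, mixed case and similar variations are handled by the URL parser rather than by hand-written string logic; the escaping step then makes the attribute safe regardless of what the parser let through.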