validating url values currently allows for invalid URLs to pass, e.g.:
- "http://" is allowed
- "http://yadda.yadda/foo bar" is allowed
We should check at least that:
- there is no white space in the URL
- for http/https, that the ":" is followed by "//" and a non-empty host name.