penders - 5:42 pm on Jan 7, 2012 (gmt 0)
Presumably you are parsing .html pages with PHP?
I think this is OK regarding security.
Just a thought.... however, you could tidy it up and define the function at the start of your script. It could be more useful if fetch_url() returned just the URL? Or have a function that returns the whole canonical tag? But if you are not using the function anywhere else then you don't need a function for this.