Allow the list of Markdown-safe URL protocols to be customized.

Review Request #11601 — Created May 11, 2021 and submitted

Information

Review Board
release-3.0.x

Reviewers

When adding the enhanced HTML/URL sanitization for Markdown rendering in
Review Board 3.0.22, we broke a particular use case from one of our
users. They were making use of eclipse:// URLs, which linked to some
part of their Eclipse setup. The only URL protocols allowed were
http://, https://, and mailto:, and anything else got basically
stripped away or turned into text.

It's likely this user's use case isn't unique. To support it, we're
introducing an advanced setting in settings_local.py:
ALLOWED_MARKDOWN_URL_PROTOCOLS. This can be set to a list of URL
protocols considered safe, and will supplement the defaults.

There's no configuration for this, and it's not currently documented
outside of an entry in settings.py, but it'll be available as a
feature in 3.0.24.

Unit tests pass.

Summary ID
Allow the list of Markdown-safe URL protocols to be customized.
f35e962d6ee664ced93841fc130cf3dfaefea5cc
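
The allowlist behavior described in this request (defaults of `http`, `https` and `mailto`, supplemented by `ALLOWED_MARKDOWN_URL_PROTOCOLS`), as an added example that is not Review Board's own code. The function names, the bare-scheme entry format and the sample value `eclipse` are assumptions, and the URL passed in is assumed to be the already entity-decoded link target.

```python
import re

# Defaults named in the description above.
DEFAULT_PROTOCOLS = frozenset({'http', 'https', 'mailto'})

# Hypothetical site value, as it might appear in settings_local.py.
# The entry format (bare scheme names) is an assumption.
ALLOWED_MARKDOWN_URL_PROTOCOLS = ['eclipse']

# RFC 3986 scheme syntax, matched against a lowercased URL.
_SCHEME_RE = re.compile(r'^([a-z][a-z0-9+.\-]*):')
# Browsers drop tab/CR/LF anywhere in a URL before parsing it.
_DROPPED_RE = re.compile(r'[\t\r\n]')
# Browsers also ignore leading C0 control characters and spaces.
_LEADING_JUNK = ''.join(map(chr, range(0x21)))


def normalize_scheme(url):
    """Return the lowercased scheme of url, or None if it has none."""
    cleaned = _DROPPED_RE.sub('', url).lstrip(_LEADING_JUNK)
    match = _SCHEME_RE.match(cleaned.lower())
    return match.group(1) if match else None


def allowed_protocols(extra=ALLOWED_MARKDOWN_URL_PROTOCOLS):
    """Defaults plus site additions; tolerates 'eclipse://' or 'eclipse:'."""
    extras = {p.lower().rstrip('/').rstrip(':') for p in extra}
    return DEFAULT_PROTOCOLS | extras


def is_safe_markdown_url(url, extra=ALLOWED_MARKDOWN_URL_PROTOCOLS):
    """True if url is scheme-less (relative) or uses an allowed scheme."""
    scheme = normalize_scheme(url)
    return scheme is None or scheme in allowed_protocols(extra)
```

Every scheme added to the list hands link clicks to whatever handler is registered for it on the reader's machine, so the supplement should stay limited to schemes whose handlers are trusted.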
david
reviewboard/settings.py (Diff revision 1)

    Teehee

chipx86
Review request changed
Status: Completed
Change Summary: Pushed to release-3.0.x (0232151)