Allow the list of Markdown-safe URL protocols to be customized.
Review Request #11601 — Created May 11, 2021 and submitted
When adding the enhanced HTML/URL sanitization for Markdown rendering in
Review Board 3.0.22, we broke a particular use case from one of our
users. They were making use of `eclipse://` URLs, which linked to some
part of their Eclipse setup. The only URL protocols allowed were
`http://`, `https://`, and `mailto:`, and anything else got basically
stripped away or turned into text.

It's likely this user's use case isn't unique. To support it, we're
introducing an advanced setting in `settings_local.py`:
`ALLOWED_MARKDOWN_URL_PROTOCOLS`. This can be set to a list of URL
protocols considered safe, and will supplement the defaults.

There's no configuration for this, and it's not currently documented
outside of an entry in `settings.py`, but it'll be available as a
feature in 3.0.24.
Unit tests pass.
Summary | ID |
---|---|
f35e962d6ee664ced93841fc130cf3dfaefea5cc |
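
The allowlist behaviour described in this review request, as an added sketch that is not Review Board's own code: the defaults are supplemented by site-specific protocols, and a link whose scheme is not on the list is reduced to its text. The helper names (`allowed_protocols`, `sanitize_url`, `render_link`), the accepted input forms, and the handling of scheme-less URLs are assumptions made for this illustration.

```python
import html
import re

# Defaults named in the description above; stored as bare scheme names.
DEFAULT_PROTOCOLS = ("http", "https", "mailto")

# Browsers drop tabs/newlines inside a URL, so "java\tscript:" must be
# checked after removing them. Spaces and other controls are dropped too.
_IGNORED = re.compile(r"[\x00-\x20\x7f]")
_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*$")


def allowed_protocols(extra=()):
    """Defaults plus site additions (hypothetical helper).

    Accepts "eclipse", "eclipse:" or "eclipse://" (assumed input forms).
    """
    result = set(DEFAULT_PROTOCOLS)
    for proto in extra:
        name = proto.strip().lower().rstrip("/").rstrip(":")
        if not _SCHEME.match(name):
            raise ValueError("not a URL scheme: %r" % proto)
        result.add(name)
    return frozenset(result)


def sanitize_url(url, protocols):
    """Return the cleaned URL if its scheme is allowed, else None."""
    cleaned = _IGNORED.sub("", url)
    head = re.split(r"[/?#]", cleaned, maxsplit=1)[0]
    if ":" not in head:
        return cleaned  # assumption: scheme-less (relative) URLs pass
    scheme = head.split(":", 1)[0].lower()
    return cleaned if scheme in protocols else None


def render_link(text, url, protocols):
    """Emit a link for an allowed URL, otherwise only the escaped text."""
    safe = sanitize_url(url, protocols)
    if safe is None:
        return html.escape(text)
    return '<a href="%s">%s</a>' % (html.escape(safe, quote=True),
                                    html.escape(text))
```

Normalizing the scheme before comparison (lower-casing and removing embedded whitespace and control characters) is what keeps a mixed-case or tab-split scheme from slipping past the list.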