
    Allow the list of Markdown-safe URL protocols to be customized.

    Review Request #11601 — Created May 11, 2021 and submitted

    Information

    Review Board
    release-3.0.x

    Reviewers

    When adding the enhanced HTML/URL sanitization for Markdown rendering in
    Review Board 3.0.22, we broke a particular use case from one of our
    users. They were making use of eclipse:// URLs, which linked to some
    part of their Eclipse setup. The only URL protocols allowed were
    http://, https://, and mailto:, and anything else got basically
    stripped away or turned into text.

    It's likely this user's use case isn't unique. To support it, we're
    introducing an advanced setting in settings_local.py:
    ALLOWED_MARKDOWN_URL_PROTOCOLS. This can be set to a list of URL
    protocols considered safe, and will supplement the defaults.

    There's no configuration for this, and it's not currently documented
    outside of an entry in settings.py, but it'll be available as a
    feature in 3.0.24.

    Unit tests pass.
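
An added illustration, not part of this review request or of Review Board's code, of how a protocol allowlist that supplements the `http`/`https`/`mailto` defaults behaves. The bare-scheme format of the `ALLOWED_MARKDOWN_URL_PROTOCOLS` entries, the function names, the treatment of scheme-less links and the sample URLs are assumptions.

```python
import re

# Defaults named in the description above.
DEFAULT_PROTOCOLS = frozenset({"http", "https", "mailto"})

# Assumption: settings_local.py lists bare scheme names, e.g. ["eclipse"].
ALLOWED_MARKDOWN_URL_PROTOCOLS = ["eclipse"]

# RFC 3986 scheme: a letter, then letters, digits, "+", "-" or ".".
_SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")
# Browsers drop tab/CR/LF anywhere in a URL and trim leading and trailing
# C0 control characters and spaces, so normalize the same way before checking.
_DROPPED = re.compile(r"[\t\r\n]")
_TRIMMED = "".join(map(chr, range(0x21)))


def safe_protocols(extra=()):
    """Return the defaults plus the configured schemes, lowercased."""
    return DEFAULT_PROTOCOLS | {p.lower().rstrip(":/") for p in extra}


def url_scheme(url):
    """Return the lowercased scheme of url, or None if it has none."""
    cleaned = _DROPPED.sub("", url).strip(_TRIMMED)
    match = _SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else None


def is_safe_markdown_url(url, extra=ALLOWED_MARKDOWN_URL_PROTOCOLS):
    """Return True if a link target may be kept as a link."""
    scheme = url_scheme(url)
    if scheme is None:
        # Assumption: scheme-less (relative) links are left alone.
        return True
    return scheme in safe_protocols(extra)


if __name__ == "__main__":
    # Constructed sample link targets.
    for sample in ("https://example.com/", "eclipse://open?file=Foo.java",
                   "JaVa\tScRiPt:alert(1)", "/r/11601/"):
        print(repr(sample), is_safe_markdown_url(sample))
```
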

    Summary: Allow the list of Markdown-safe URL protocols to be customized.
    ID: f35e962d6ee664ced93841fc130cf3dfaefea5cc
    david
    reviewboard/settings.py (Diff revision 1)

      Teehee

    chipx86
    Review request changed
    Status:
    Completed
    Change Summary:
    Pushed to release-3.0.x (0232151)