Defect #33701

URI check (for Custom Fields) overly restrictive (only http, https, ftp and mailto allowed)

Added by Holger Mößinger 6 months ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Custom fields
Target version: -
Resolution:
Affected version: 4.1.1

Description

When adding Custom Fields it is possible to specify a URL to link to ("Link values to URL").

When trying to add a URL that points to a VoIP telephone number (sip scheme), the URL is rejected as invalid.

In "CustomField.new" the URL validation happens in the function "validate_custom_field" (https://github.com/redmine/redmine/blob/d050d515448607798f20bb91284654ea78d26c6a/lib/redmine/field_format.rb#L211) with a call to "uri_with_safe_scheme" (https://github.com/redmine/redmine/blob/d050d515448607798f20bb91284654ea78d26c6a/lib/redmine/helpers/url.rb#L25).

In "uri_with_safe_scheme" the only schemes allowed are 'http', 'https', 'ftp' and 'mailto'. There are so many other useful schemes out there nowadays, which browsers know how to handle, that this restriction seems overly strict.

Is this check at all necessary? Especially for custom fields, where an administrator defines the URL?

Should not the client/browser take care of this anyway?
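
The scheme allowlist discussed in this report, as an added example that is neither Redmine's code nor part of the original report: it shows what such a check rejects before a value is rendered as a link (script-executing schemes such as javascript:) and how sip or tel can be permitted by extending the list instead of dropping the check. The names DEFAULT_SCHEMES, link_scheme, safe_link? and audit_links are hypothetical, and the sample values are constructed.

```ruby
# Added example: hypothetical names, not Redmine's implementation.
# The four schemes the report says are currently allowed.
DEFAULT_SCHEMES = %w[http https ftp mailto].freeze

# Return the lowercased scheme of a link target, or nil if it is relative.
def link_scheme(url)
  # Browsers strip leading/trailing C0 controls and spaces and drop tabs and
  # newlines anywhere in a URL before parsing it, so normalise the same way;
  # otherwise "java\tscript:..." would look like a harmless relative path.
  cleaned = url.to_s.gsub(/\A[\x00-\x20]+|[\x00-\x20]+\z/, '').delete("\t\r\n")
  match = cleaned.match(/\A([A-Za-z][A-Za-z0-9+.-]*):/)
  match && match[1].downcase
end

# A link is accepted when it is relative or its scheme is on the allowlist.
def safe_link?(url, allowed = DEFAULT_SCHEMES)
  scheme = link_scheme(url)
  scheme.nil? || allowed.include?(scheme)
end

# Split candidate link targets into accepted and rejected ones.
def audit_links(urls, allowed = DEFAULT_SCHEMES)
  accepted, rejected = urls.partition { |u| safe_link?(u, allowed) }
  { accepted: accepted, rejected: rejected }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values.
  samples = ['https://example.org/wiki', '/issues/42', 'sip:alice@example.org',
             'tel:+15550100', 'JavaScript:void(0)', " java\tscript:void(0)"]
  extended = DEFAULT_SCHEMES + %w[sip tel]
  puts "default:  #{audit_links(samples)[:rejected].inspect}"
  puts "extended: #{audit_links(samples, extended)[:rejected].inspect}"
end
```

With the extended list the sip and tel values are accepted while both javascript variants stay rejected, which is the property a browser-side default does not provide for rendered links.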
