Project

General

Profile

Actions

Defect #33701

open

URI check (for Custom Fields) overly restrictive (only http, https, ftp and mailto allowed)

Added by Holger Mößinger over 3 years ago. Updated almost 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Custom fields
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

When adding Custom Fields it is possible to specify an url to link to ("Link values to URL").

When trying to add a URL that points to a VOIP telephone number (sip scheme) the url is rejected as invalid.

In "CustomField.new" the URL validation happens in the function "validate_custom_field" (https://github.com/redmine/redmine/blob/d050d515448607798f20bb91284654ea78d26c6a/lib/redmine/field_format.rb#L211) with a call to "uri_with_safe_scheme" (https://github.com/redmine/redmine/blob/d050d515448607798f20bb91284654ea78d26c6a/lib/redmine/helpers/url.rb#L25)

In "uri_with_safe_scheme" the only schemes allowed are 'http', 'https', 'ftp' and 'mailto'. There are so many other useful schemes out there nowadays, which Browsers know to handle that this restriction seems overly strict.

Is this check at all necessary? Especially for custom fields, where an administrator defines the URL?

Should not the Client/Brower take care of this anyway?

Actions #1

Updated by Michael Schneider almost 3 years ago

+1

Actions

Also available in: Atom PDF