Patch #41941
open
Add support for tel: protocol to custom fields
Description
These days softphones are very popular and used by many employees. It would be great if Redmine could create links with the tel protocol to let users make calls quickly and effortlessly.
It's a small change but can significantly increase the comfort for users.
Updated by Bernhard Rohloff 15 days ago
- Related to Feature #10889: Add support for the 'tel' URL protocol handler added
Updated by Holger Just 14 days ago
Your patch does (probably?) not solve the underlying issue and is at the wrong place. uri_with_safe_scheme? is intended to validate the schemes of URLs of e.g. <img> tags or other resources which cause the browser to load them directly. The correct method to use for links would be uri_with_link_safe_scheme? instead.
With that being said, uri_with_safe_scheme? is the oldest of these related methods and its semantics have changed slightly over time. It might be that this method is still erroneously used in places where uri_with_link_safe_scheme? should be used instead.
In any case, please also provide some tests for changed behavior. This is especially important here since these changes may cause new XSS vulnerabilities in Redmine if we are not careful.
Updated by Bernhard Rohloff 12 days ago
- File unit_test_for_add_tel_to_custom_field_url_pattern.diff added
Holger Just wrote in #note-2:
Your patch does (probably?) not solve the underlying issue and is at the wrong place. uri_with_safe_scheme? is intended to validate the schemes of URLs of e.g. <img> tags or other resources which cause the browser to load them directly. The correct method to use for links would be uri_with_link_safe_scheme? instead.
With that being said, uri_with_safe_scheme? is the oldest of these related methods and its semantics have changed slightly over time. It might be that this method is still erroneously used in places where uri_with_link_safe_scheme? should be used instead.
In any case, please also provide some tests for changed behavior. This is especially important here since these changes may cause new XSS vulnerabilities in Redmine if we are not careful.
The proposed change is only meant for providing the ability of creating links for phone numbers in custom fields. It's solving the issue as the method uri_with_link_safe_scheme? whitelists the allowed protocols for links and is used by source:trunk/lib/redmine/field_format.rb#L217. I've tested the solution and it's working in my dev environment. The patch just adds the :tel scheme to the list. Attached is a patch for extending the existing unit test of the proposed change.
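The distinction drawn in this thread, between schemes that are safe for links and schemes that are safe for resources the browser loads by itself, is sketched below together with the kind of tests that were requested. This is an added example and not Redmine's code: the method names, both allowlists and the sample URLs are assumptions constructed for illustration.

```ruby
# Hypothetical allowlists for this example; not Redmine's actual lists.
RESOURCE_SCHEMES = %w[http https].freeze            # fetched by the browser itself (<img src>)
LINK_SCHEMES     = %w[http https mailto tel].freeze # only followed when a user clicks

# Return the lowercased scheme as a browser would parse it, or nil for a
# relative URL. Browsers drop tab/CR/LF anywhere in a URL and ignore leading
# control characters and spaces, so normalise before matching.
def url_scheme(url)
  cleaned = url.to_s.gsub(/[\t\r\n]/, '').sub(/\A[\x00-\x20]+/, '')
  match = cleaned.match(/\A([a-z][a-z0-9+.\-]*):/i)
  match && match[1].downcase
end

# Relative URLs (no scheme) are accepted; any scheme must be on the allowlist.
def scheme_allowed?(url, allowed)
  scheme = url_scheme(url)
  scheme.nil? || allowed.include?(scheme)
end

def link_safe?(url)
  scheme_allowed?(url, LINK_SCHEMES)
end

def resource_safe?(url)
  scheme_allowed?(url, RESOURCE_SCHEMES)
end

# Constructed sample values: url => [expected link_safe?, expected resource_safe?]
CASES = {
  'tel:+15550100'             => [true,  false], # new link scheme, never a resource
  'mailto:user@example.com'   => [true,  false],
  'https://example.com/a.png' => [true,  true],
  '/projects/demo'            => [true,  true],  # relative URL, no scheme
  'JavaScript:alert(1)'       => [false, false], # case must not matter
  "java\tscript:alert(1)"     => [false, false], # embedded tab is stripped by browsers
  ' data:text/html,x'         => [false, false]  # leading space is ignored by browsers
}.freeze

# URLs whose actual result differs from the expected pair.
def failing_cases
  CASES.reject { |url, (link, res)| link_safe?(url) == link && resource_safe?(url) == res }.keys
end

puts failing_cases.empty? ? 'all cases pass' : "unexpected: #{failing_cases.inspect}"
```

The negative cases matter as much as the `tel:` one: a test suite that only asserts the new scheme is accepted would not notice if the change also let a script-bearing scheme through.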