
Adding additional protocol handlers to URI.AllowedSchemes

Open iainhenderson opened this issue 2 years ago • 8 comments

It looks like a few fairly popular protocol handlers are being stripped out by purifier. Could URI.AllowedSchemes be extended to allow options for:

  • sms:
  • callto:
  • fax:

iainhenderson avatar May 16 '23 06:05 iainhenderson

Email received, thank you!

pyres01 avatar May 16 '23 06:05 pyres01

Yeah, we need sms: in our HTMLPurifier configs

maxfenton avatar Feb 22 '24 20:02 maxfenton

ok, send a pr

ezyang avatar Feb 24 '24 22:02 ezyang

@ezyang What permissions would I need to add a PR?

I have a feature branch that duplicates the tel: tests for sms: in:

  • tests/HTMLPurifier/AttrDef/URITest.php
  • tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php
  • tests/HTMLPurifier/URIParserTest.php
  • tests/HTMLPurifier/URISchemeTest.php

and essentially duplicates library/HTMLPurifier/URIScheme/tel.php as library/HTMLPurifier/URIScheme/sms.php with the class name HTMLPurifier_URIScheme_sms and the header comment:

/**
 * Validates sms (for text messaging).
 *
 * The relevant specification for this protocol is RFC 5724,
 * but this class normalizes phone numbers like HTMLPurifier_URIScheme_tel
 * so that they only include (possibly) a leading plus, and then any
 * number of digits and x'es.
 * 
 * Note this does not yet handle the full test case of:
 * href="sms:+19999999999?&body=Hello%2520I%252C%2520have%2527a%2520question%25"
 */

I might be missing an addition needed to URI.AllowedSchemes

maxfenton avatar Apr 02 '24 16:04 maxfenton
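
One way a site could enable sms: in its own configuration, as an added example that is not code from this thread, from the branch described above, or from the HTML Purifier project. It assumes HTML Purifier is installed through Composer, applies the leading-plus/digits/x normalization that the header comment describes, and, as choices of this example, leaves the ?body= query to the library's generic URI encoding and rejects comma-separated recipient lists.

```php
<?php
// Added example; assumes HTML Purifier is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

/** Local sms: scheme validator (illustrative, not the upstream implementation). */
class HTMLPurifier_URIScheme_sms extends HTMLPurifier_URIScheme
{
    public $browsable = false;    // not a resource the browser fetches into the page
    public $may_omit_host = true; // sms: URIs have no authority component

    public function doValidate(&$uri, $config, $context)
    {
        // An sms: URI carries no user, host or port; drop anything supplied there.
        $uri->userinfo = null;
        $uri->host = null;
        $uri->port = null;

        $path = str_replace('X', 'x', rawurldecode((string) $uri->path));

        // Choice of this example: refuse recipient lists instead of letting the
        // normalization below merge several numbers into one.
        if (strpos($path, ',') !== false) {
            return false;
        }

        // Keep an optional leading plus, then only digits and x.
        $uri->path = preg_replace('/(?!^\+)[^\dx]/', '', $path);

        // A URI with no number left is dropped from the attribute.
        return $uri->path !== '';
    }
}

// Register the validator explicitly and add the scheme to the allowlist.
HTMLPurifier_URISchemeRegistry::instance()->register('sms', new HTMLPurifier_URIScheme_sms());

$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null); // no on-disk definition cache for this demo
$config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true, 'sms' => true]);

$purifier = new HTMLPurifier($config);

// Constructed sample input: one sms: link and one link with a scheme that is not allowlisted.
$dirty = '<a href="sms:+1 (999) 999-9999">text us</a> <a href="javascript:alert(1)">x</a>';
echo $purifier->purify($dirty), PHP_EOL;
```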

Email received, thank you!

pyres01 avatar Apr 02 '24 16:04 pyres01

Just open a PR from a branch on your fork

ezyang avatar Apr 05 '24 10:04 ezyang