Fixes T6106, sends in the full editor URI to check if it's allowed or not
Details
Details
- Reviewers
epriestley btrahan - Maniphest Tasks
- T6106: Unable to Open in External Editor when using custom protocols
Set custom editor, check edit link in Diffusion and verify I don't get the help page.
Diff Detail
Diff Detail
- Repository
- rP Phabricator
- Branch
- protocol
- Lint
Lint Passed - Unit
Tests Passed - Build Status
Buildable 2551 Build 2555: [Placeholder Plan] Wait for 30 Seconds
Event Timeline
Comment Actions
I don't think this is correct, and it is potentially dangerous. In theory, it allows specification of a URI like %r://evil, which might pass the hasAllowedProtocol() check but actually be dangerous of %r converts to javascript.
Can you explain the issue in more detail?
Comment Actions
My assumption was this check was missed in D8551, but maybe I misread. What's the correct fix?