
Use $wgUrlProtocols for URL validation in forms
Closed, Resolved · Public

Description

The function validateURLField() in libs/PageForms.js checks whether a string starts with "http", "ftp", etc., and displays an error if not. It would be better if this function used the wgUrlProtocols variable, which is more complete:

https://www.mediawiki.org/wiki/Manual:$wgUrlProtocols

It can be accessed in JavaScript via mw.config.get( 'wgUrlProtocols' ).

Event Timeline

Restricted Application added a subscriber: Aklapper. · Mar 2 2017, 3:11 AM

@Yaron_Koren I'm interested in working on this task. Can you tell me where the validateURLField function is called? Like on which page, e.g. http://localhost/index.php/Special:CreateForm.
I'd like to know how to check the functionality.
Thanks!

@Harjotsingh - you've already taken other tasks; please un-claim this one to leave it for someone else.

Harjotsingh removed Harjotsingh as the assignee of this task. · Mar 13 2017, 5:30 PM
Fz-29 claimed this task. · Mar 13 2017, 9:59 PM
Fz-29 added a subscriber: Fz-29.

I would like to work on this.

How should I go about working on it? On which page shall I find its functionality?

Fz-29 removed Fz-29 as the assignee of this task. · Mar 20 2017, 11:23 PM

Please let me know if no one is taking this task; I'm willing to work on it.

Fz-29 added a comment. · Mar 21 2017, 9:53 AM

I guess I have patched it, I will submit it after testing.

Fz-29 claimed this task. · Mar 21 2017, 10:00 AM

Change 343870 had a related patch set uploaded (by Fz-29):
[mediawiki/extensions/PageForms] Improvements for T159405 - Used the wgUrlProtocols in validateURLField()

https://gerrit.wikimedia.org/r/343870

Change 343870 merged by jenkins-bot:
[mediawiki/extensions/PageForms@master] Improvements for T159405 - Used the wgUrlProtocols in validateURLField()

https://gerrit.wikimedia.org/r/343870

Yaron_Koren closed this task as Resolved. · Apr 13 2017, 3:17 PM

I'm not 100% sure how this function is used, so I might be wrong, but I think you'd want to anchor the regex (start it with a ^ and end it with a $) so that the user can't insert non-URL things before or after the URL. As of the commit above, it only verifies that the field has a URL in it, not that it only contains a URL.
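
The anchoring point raised in the last comment, as an added example (not the PageForms code or the merged patch): it builds the check from a protocol list and compares an unanchored test with an anchored one. `SAMPLE_PROTOCOLS` is a constructed stand-in for the configured protocol list, and all function names are hypothetical.

```javascript
// Added example, not PageForms code. SAMPLE_PROTOCOLS is a constructed
// stand-in for the wiki's configured protocol list (assumption).
const SAMPLE_PROTOCOLS = ['http://', 'https://', 'ftp://', 'mailto:'];

// Escape regex metacharacters so each protocol is matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Join the escaped protocols into one alternation, e.g. "http://|https://".
function protocolAlternation(protocols) {
  return protocols.map(escapeRegExp).join('|');
}

// Unanchored: passes if an allowed URL appears anywhere in the value.
function containsUrl(value, protocols) {
  const re = new RegExp('(?:' + protocolAlternation(protocols) + ')\\S+', 'i');
  return re.test(value);
}

// Anchored: passes only if the whole (trimmed) value is a single URL.
// Without the "m" flag, ^ and $ match only at the ends of the input.
function isOnlyUrl(value, protocols) {
  const re = new RegExp('^(?:' + protocolAlternation(protocols) + ')\\S+$', 'i');
  return re.test(value.trim());
}

// Constructed field values: a clean URL, text around a URL, and no URL.
const SAMPLES = [
  'https://example.org/page',
  'see https://example.org/page for details',
  'https://example.org/page\nsecond line',
  'MAILTO:user@example.org',
  'not a url'
];

// Run both checks over the samples so the difference is visible per value.
function compareChecks(values, protocols) {
  return values.map(function (v) {
    return { value: v, contains: containsUrl(v, protocols), only: isOnlyUrl(v, protocols) };
  });
}

console.log(compareChecks(SAMPLES, SAMPLE_PROTOCOLS));
```

Only the `^`/`$` anchors differ between the two checks, so any value where `contains` is true and `only` is false is one the unanchored form accepts with extra text around the URL.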