## General developer forum

### Problem with URL Schemes and Purify HTML / URL resource auto-open

Problem with URL Schemes and Purify HTML / URL resource auto-open

Hello,

as noted in this forum discussion:

https://moodle.org/mod/forum/discuss.php?d=358172

There are problems when using the URL resource with custom URL Schemes and the embed or auto-open behaviour.

I took a deeper look at the code and, as I thought, the problem is not with the URL module per se. It is in the Moodle's "purify_html" that is used by the "clean_text" function that is used inside "redirect" function.

Here is a copy of the code of the interesting part of the redirect function in lib/weblib.php:

2789     // Sanitise url - we can not rely on moodle_url or our URL cleaning
2790     // because they do not support all valid external URLs.
2791     $url = preg_replace('/[\x00-\x1F\x7F]/', '',$url);
2792     $url = str_replace('"', '%22',$url);
2793     $encodedurl = preg_replace("/\&(?![a-zA-Z0-9#]{1,8};)/", "&amp;",$url);
2794     $encodedurl = preg_replace('/^.*href="([^"]*)".*$/', "\\1", clean_text('<a href="'.$encodedurl. '" />', FORMAT_HTML)); 2795$url = str_replace('&amp;', '&', $encodedurl); The call to clean_text calls purify HTML (lib/weblib.php): 1685 if (is_purify_html_necessary($text)) {
1686         $text = purify_html($text, $options); 1687 } And although there is a call to 809$config->set('URI.AllowedSchemes', array(

I added the "vidyoconnector" scheme to it, cleaned the caches and nothing changed, after the "purify" call, the return will by <a></a> :

1898     $filteredtext = (string)$purifier->purify(\$filteredtext);

Any ideas?

Average of ratings: -
Re: Problem with URL Schemes and Purify HTML / URL resource auto-open

Hello,

many applications nowadays use custom schemes, such whatsapp and others.

Mooodle does not allow many of these new schemes, only old ones like mms and irc and so.

If we would like to allow more interoperability with current tools, it seems that this is an important step to fix.

I looked at the code and it seems that each scheme needs to be added to the AlloedSchemes for HTMLPurifier and also needs a class that validates it. You can take a look at https://github.com/moodle/moodle/compare/master...danielneis:MDL-59372 to see and example for adding the "MDL" scheme (with tests passing https://travis-ci.org/danielneis/moodle/jobs/297976735).

It would be nice if we could have a way for users or administrators to add other schemes without changing the Moodle code.

If you are interested in this, please take a look at MDL-59372

Average of ratings: Useful (1)