General developer forum

Problem with URL Schemes and Purify HTML / URL resource auto-open

Picture of Daniel Neis Araujo
Problem with URL Schemes and Purify HTML / URL resource auto-open
Group Core developersGroup Particularly helpful MoodlersGroup Plugin developersGroup Translators


as noted in this forum discussion:

There are problems when using the URL resource with custom URL Schemes and the embed or auto-open behaviour.

I took a deeper look at the code and, as I thought, the problem is not with the URL module per se. It is in the Moodle's "purify_html" that is used by the "clean_text" function that is used inside "redirect" function.

Here is a copy of the code of the interesting part of the redirect function in lib/weblib.php:

2789     // Sanitise url - we can not rely on moodle_url or our URL cleaning
2790     // because they do not support all valid external URLs.
2791     $url = preg_replace('/[\x00-\x1F\x7F]/', '', $url);
2792     $url = str_replace('"', '%22', $url);
2793     $encodedurl = preg_replace("/\&(?![a-zA-Z0-9#]{1,8};)/", "&", $url);
2794     $encodedurl = preg_replace('/^.*href="([^"]*)".*$/', "\\1", clean_text('<a href="'.$encodedurl.     '" />', FORMAT_HTML));
2795     $url = str_replace('&amp;', '&', $encodedurl);

The call to clean_text calls purify HTML (lib/weblib.php):

1685     if (is_purify_html_necessary($text)) {
1686         $text = purify_html($text, $options);
1687     }

And although there is a call to

809         $config->set('URI.AllowedSchemes', array(

I added the "vidyoconnector" scheme to it, cleaned the caches and nothing changed, after the "purify" call, the return will by <a></a> :

1898     $filteredtext = (string)$purifier->purify($filteredtext);

Any ideas?

Average of ratings: -