From b6a5ba21a130110c47d9dc43b3d6662051ba22b5 Mon Sep 17 00:00:00 2001
From: Christian Duerr
Date: Thu, 3 Jan 2019 21:18:26 +0100
Subject: Limit number of URL schemes

This limits the number of allowed schemes for the URL launcher, to reduce the number of false-positives.

The accepted URL schemes are now:
- http
- https
- mailto
- news
- file
- git
- ssh
- ftp

This fixes #1727.
---
 src/term/mod.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'src')

diff --git a/src/term/mod.rs b/src/term/mod.rs
index c699adc9..dcde62c8 100644
--- a/src/term/mod.rs
+++ b/src/term/mod.rs
@@ -41,6 +41,7 @@ use self::cell::LineLength;
 // See https://tools.ietf.org/html/rfc3987#page-13
 const URL_SEPARATOR_CHARS: [char; 10] = ['<', '>', '"', ' ', '{', '}', '|', '\\', '^', '`'];
 const URL_DENY_END_CHARS: [char; 7] = ['.', ',', ';', ':', '?', '!', '/'];
+const URL_SCHEMES: [&str; 8] = ["http", "https", "mailto", "news", "file", "git", "ssh", "ftp"];

 /// A type that can expand a given point to a region
 ///
@@ -148,7 +149,13 @@ impl Search for Term {

 // Check if string is valid url
 match Url::parse(&buf) {
- Ok(_) => Some(buf),
+ Ok(url) => {
+ if URL_SCHEMES.contains(&url.scheme()) {
+ Some(buf)
+ } else {
+ None
+ }
+ }
 Err(_) => None,
 }
 }
--
cgit v1.2.3-54-g00ecf
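Review bot: The new `URL_SCHEMES` allow-list carries no comment explaining why each scheme is on it, and it admits `file`, `ssh`, `git` and `ftp` next to the web schemes. Text on the terminal grid can come from any program or remote host, so every entry is a scheme that untrusted output can get handed to the launcher on a click. The launcher call is outside this hunk, so how the string reaches the opener should be checked there. I would add `/// Schemes the URL launcher acts on. Terminal output is untrusted, so keep this list minimal.` above the constant, and consider whether `file` and `ssh` belong in the default set or behind a config option.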
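Review bot: In the `Ok(url)` arm the scheme is checked on the parsed `Url`, but the value returned is still the raw `buf`, so the string a caller launches is not the string that was validated. `Url::parse` normalises its input (it lower-cases the scheme and drops tab and newline characters, for example), so the two can differ; whether such characters can reach `buf` depends on code outside this hunk. Returning the parsed form with `Some(url.into_string())` would close that gap, at the cost of launching the normalised rather than the on-screen text. If `buf` is kept, a comment such as `// returned unnormalised: only the scheme has been validated` should record the choice. The enclosing function starts before the hunk.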