diff --git a/helpdesk/models.py b/helpdesk/models.py
index 7f18cf20..a2d7f901 100644
--- a/helpdesk/models.py
+++ b/helpdesk/models.py
@@ -56,6 +56,10 @@ def get_markdown(text):
 if not text:
 return ""
 
+ schemes = '|'.join(helpdesk_settings.ALLOWED_URL_SCHEMES)
+ pattern = fr'\[(.+)\]\((?!({schemes})).*:(.+)\)'
+ text = re.sub(pattern, '[\\1](\\3)', text, flags=re.IGNORECASE)
+
 return mark_safe(
 markdown(
 text,
diff --git a/helpdesk/settings.py b/helpdesk/settings.py
index 6437502e..c68cc4b9 100644
--- a/helpdesk/settings.py
+++ b/helpdesk/settings.py
@@ -76,7 +76,10 @@ HELPDESK_AUTO_SUBSCRIBE_ON_TICKET_RESPONSE = getattr(settings,
 'HELPDESK_AUTO_SUBSCRIBE_ON_TICKET_RESPONSE',
 False)
 
-
+# URL schemes that are allowed within links
+ALLOWED_URL_SCHEMES = getattr(settings, 'ALLOWED_URL_SCHEMES', (
+ 'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
+))
 ############################
 # options for public pages #
 ############################
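Review bot: The negative lookahead in `pattern` is an unanchored prefix test: `(?!({schemes}))` accepts any target that merely begins with an allowed name, because it never requires the `:` that ends a scheme, and the names from settings are interpolated without `re.escape`. I would build the alternation as `schemes = '|'.join(map(re.escape, helpdesk_settings.ALLOWED_URL_SCHEMES))` and use `(?!({schemes}):)`, which keeps the group numbering that `'[\\1](\\3)'` relies on. The greedy `.+` and `.*:` also span several links on one line, and the substitution only sees the inline `[text](target)` form of the raw text, so a comment should say that this is a best-effort pre-filter; checking each `href` after rendering would be more robust, since the result goes straight into `mark_safe`. The body of `get_markdown` continues past the end of the hunk, so the options passed to `markdown()` are not visible here.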
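Review bot: The default tuple is broader than a ticket body from an untrusted submitter needs: `file`, `telnet`, `tftp`, `vnc` and `ssh` all stay clickable for the staff member reading the ticket, where a default of `('http', 'https', 'mailto')` with the rest opt-in would be the safer starting point. The value is also read from the project settings as `ALLOWED_URL_SCHEMES`, without the `HELPDESK_` prefix that the neighbouring `HELPDESK_AUTO_SUBSCRIBE_ON_TICKET_RESPONSE` uses, so it can collide with another app's setting of the same name; `getattr(settings, 'HELPDESK_ALLOWED_URL_SCHEMES', ...)` would avoid that. The comment could add that entries are bare scheme names without the trailing colon and are matched case-insensitively by `get_markdown`.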