1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-27 16:00:59 +01:00

Update documentation for "uri.allowed-protocols"

Summary: See <https://discourse.phabricator-community.org/t/download-tasks-and-others-as-excel-throw-exception/>.

Test Plan: Read config.

Reviewers: amckinley, avivey

Reviewed By: avivey

Subscribers: avivey

Differential Revision: https://secure.phabricator.com/D20430
This commit is contained in:
epriestley 2019-04-15 11:58:51 -07:00
parent f13709b13b
commit 5a2d0f0437

View file

@ -163,14 +163,26 @@ EOTEXT
'mailto' => true,
))
->setSummary(
pht('Determines which URI protocols are auto-linked.'))
pht(
'Determines which URI protocols are valid for links and '.
'redirects.'))
->setDescription(
pht(
"When users write comments which have URIs, they'll be ".
"automatically linked if the protocol appears in this set. This ".
"whitelist is primarily to prevent security issues like ".
"%s URIs.",
'javascript://'))
'When users write comments which have URIs, they will be '.
'automatically turned into clickable links if the URI protocol '.
'appears in this set.'.
"\n\n".
'This set of allowed protocols is primarily intended to prevent '.
'security issues with "javascript:" and other potentially '.
'dangerous URI handlers.'.
"\n\n".
'This set is also used to enforce valid redirect URIs. '.
'Phabricator will refuse to issue a HTTP "Location" redirect to a '.
'URI with a protocol not on this set.'.
"\n\n".
'Usually, "http" and "https" should be present in this set. If '.
'you remove one or both protocols, some Phabricator features '.
'which rely on links or redirects may not work.'))
->addExample("http\nhttps", pht('Valid Setting'))
->setLocked(true),
$this->newOption(