The link widget seems to rely purely on native browser side validation for checking the validity of external URLs. When an invalid URL such as "http:" (on Firefox) or "irc:" (on Chromium and Firefox) is used then these malformed URLs are accepted.
Steps to replicate:
This was originally reported by idimopoulos → .
There are two proposals
1) Add validation for punycode and magnet links in /core/modules/link/src/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidator
or
2) Use the Symfony Url Validator,
#34 →
. This was proposed 6 years ago in
#295021: filter_var() with FILTER_VALIDATE_URL accepts malformed URLs and rejects not all valid URLs →
and 4 years ago in
#2691099: Improve external URL validation in many ways →
Choose a proposed resolution and if the 1) then decide if these changes should be in UrlHelper See #21 →
Needs work
11.0 🔥
The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
The Needs Review Queue Bot → tested this issue.
While you are making the above changes, we recommend that you convert this patch to a merge request → . Merge requests are preferred over patches. Be sure to hide the old patch files as well. (Converting an issue to a merge request without other contributions to the issue will not receive credit.)