link_utils: exposing whitelisted protocols to user settings

jonassorgenfrei · jonassorgenfrei · commit aa21fe9a70b4 · 2025-08-14T00:55:26.000-07:00
Adding config option to set protocols in the config that are
whitelisted to be opened directly.
The behaviour is documented in docs\howto\customize-link-protocols.md.
diff --git a/app/common/config-schemata.ts b/app/common/config-schemata.ts
@@ -36,6 +36,7 @@ export const configSchemata = {
   useManualProxy: z.boolean(),
   useProxy: z.boolean(),
   useSystemProxy: z.boolean(),
+  whitelistedProtocols: z.string().array(),
 };
 
 export const enterpriseConfigSchemata = {
diff --git a/app/common/link-util.ts b/app/common/link-util.ts
@@ -3,10 +3,21 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 
-import {html} from "./html.ts";
+import * as ConfigUtil from "./config-util.ts";
+import {Html, html} from "./html.ts";
+import * as t from "./translation-util.ts";
+
+/* Fetches the current protocolLaunchers from settings.json */
+const whitelistedProtocols = ConfigUtil.getConfigItem("whitelistedProtocols", [
+  "http:",
+  "https:",
+  "mailto:",
+  "tel:",
+  "sip:",
+]);
 
 export async function openBrowser(url: URL): Promise<void> {
-  if (["http:", "https:", "mailto:"].includes(url.protocol)) {
+  if (whitelistedProtocols.includes(url.protocol)) {
     await shell.openExternal(url.href);
   } else {
     // For security, indirect links to non-whitelisted protocols
@@ -21,15 +32,21 @@ export async function openBrowser(url: URL): Promise<void> {
           <head>
             <meta charset="UTF-8" />
             <meta http-equiv="Refresh" content="0; url=${url.href}" />
-            <title>Redirecting</title>
+            <title>${t.__("Redirecting")}</title>
             <style>
               html {
                 font-family: menu, "Helvetica Neue", sans-serif;
               }
             </style>
           </head>
           <body>
-            <p>Opening <a href="${url.href}">${url.href}</a>…</p>
+            <p>
+              ${new Html({
+                html: t.__("Opening {{{link}}}…", {
+                  link: html`<a href="${url.href}">${url.href}</a>`.html,
+                }),
+              })}
+            </p>
           </body>
         </html>
       `.html,
diff --git a/docs/howto/customize-link-protocols.md b/docs/howto/customize-link-protocols.md
@@ -0,0 +1,35 @@
+# Customizing Link Protocols
+
+The Zulip app supports opening certain link protocols directly in their associated system applications. These are known as **whitelisted protocols**.
+
+## Default Whitelisted Protocols
+
+By default, the following protocols are whitelisted:
+
+```
+http https mailto tel sip
+```
+
+Links using these protocols are opened directly by the system.
+
+All other protocols are considered potentially unsafe and are therefore opened indirectly—through a local HTML file—in your default web browser.
+
+## Extending the Whitelisted Protocols
+
+It is possible to customize the list of whitelisted protocols by editing the `settings.json` file located at: `userdata/Zulip/config/settings.json`
+
+To add or modify the list, the `whitelistedProtocols` key can be updated. For example:
+
+```json
+{
+    ...
+    "whitelistedProtocols": [
+        "http:",
+        "https:",
+        "mailto:"
+    ]
+    ...
+}
+```
+
+Note: Each protocol should include the trailing colon (:), e.g., "mailto:" instead of "mailto".
