link_utils: exposing whitelisted protocols to user settings

jonassorgenfrei · shubham-padia · commit ac1247a9b8a0 · 2025-11-10T09:18:57.000+05:30
Fixes #1284. Adding config option to set protocols in the config that are whitelisted to be opened directly. The behaviour is documented in docs\howto\customize-link-protocols.md.
diff --git a/app/common/config-schemata.ts b/app/common/config-schemata.ts
@@ -36,6 +36,7 @@ export const configSchemata = {
   useManualProxy: z.boolean(),
   useProxy: z.boolean(),
   useSystemProxy: z.boolean(),
+  whitelistedProtocols: z.string().array(),
 };
 export type ConfigSchemata = typeof configSchemata;
 
diff --git a/app/common/link-util.ts b/app/common/link-util.ts
@@ -3,11 +3,20 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 
+import * as ConfigUtil from "./config-util.ts";
 import {Html, html} from "./html.ts";
 import * as t from "./translation-util.ts";
 
+const whitelistedProtocols = ConfigUtil.getConfigItem("whitelistedProtocols", [
+  "http:",
+  "https:",
+  "mailto:",
+  "tel:",
+  "sip:",
+]);
+
 export async function openBrowser(url: URL): Promise<void> {
-  if (["http:", "https:", "mailto:"].includes(url.protocol)) {
+  if (whitelistedProtocols.includes(url.protocol)) {
     await shell.openExternal(url.href);
   } else {
     // For security, indirect links to non-whitelisted protocols
diff --git a/docs/howto/customize-link-protocols.md b/docs/howto/customize-link-protocols.md
@@ -0,0 +1,35 @@
+# Customizing Link Protocols
+
+The Zulip app supports opening certain link protocols directly in their associated system applications. These are known as **whitelisted protocols**.
+
+## Default Whitelisted Protocols
+
+By default, the following protocols are whitelisted:
+
+```
+http, https, mailto, tel, sip
+```
+
+Links using these protocols are opened directly by the system.
+
+All other protocols are considered potentially unsafe and are therefore opened indirectly—through a local HTML file in your default web browser.
+
+## Extending the Whitelisted Protocols
+
+It is possible to customize the list of whitelisted protocols by editing the `settings.json` file located at: `userdata/Zulip/config/settings.json`
+
+To modify the list, the `whitelistedProtocols` key can be updated. For example:
+
+```json
+{
+    ...
+    "whitelistedProtocols": [
+        "http:",
+        "https:",
+        "mailto:"
+    ]
+    ...
+}
+```
+
+Note: Each protocol should include the trailing colon (:), e.g., "mailto:" instead of "mailto".
