Simple but serious bug caused by QUrl behavior in kde-open, when url contains a plus sign
-
I'm currently investigating a bug in
kde-openrelated to its inability to correctly parse certain custom URL protocols that contain a special character.The Scenario:
When opening a remote file via the
vscode-remoteprotocol,xdg-openreceives a URL similar to this:
vscode-remote://ssh+devserver/my/file/path
(Wheressh+is an integral part of the scheme identifier.)As a backend for
xdg-open,kde-openusesQUrl::fromUserInputto convert the input string into aQUrlobject. It then uses the resulting scheme (from.scheme()) to look up a registeredx-scheme-handlerand select the appropriate application.The Core Problem:
When the input string's scheme contains a plus sign (
+),QUrl::fromUserInputautomatically prependshttp://to the link. This forces the URL to be interpreted under thehttpprotocol, which preventskde-openfrom finding the correct program and ultimately causes a browser to be launched.My analysis of the documentation and source code suggests that URLs containing a
+sign (or its escape,%2B) are considered invalid by Qt's initial parsing logic, triggeringQUrl::fromUserInput's "best guess" mechanism, incorrectly defaults to prependinghttp://.Questions for Discussion and Clarification:
- URL Standard Compliance: Why is a URL scheme containing a plus sign considered invalid? Is this mandated by RFCs (URL standards)? If not, is this limitation in Qt necessary, or should it be revisited?
- Guessing Conservatism: Is it possible to make the
QUrl::fromUserInputguessing logic more conservative, ideally preserving the original scheme if it's not a known standard protocol likeftp://? - KDE Architectural Choice: If a change cannot be made at the Qt level, should KDE reconsider using
QUrl::fromUserInputfor accepting general URL input in utilities likekde-open? (A similar concern is already documented in KDE Bug 501398.)
I am not affiliated with the KDE or Qt development teams, but I am keen to contribute to the resolution of this bug. I'm seeking insight into the underlying standards and the most appropriate path forward.
-
code to reproduce: https://pastebin.com/rTuaeK02
-
I'm currently investigating a bug in
kde-openrelated to its inability to correctly parse certain custom URL protocols that contain a special character.The Scenario:
When opening a remote file via the
vscode-remoteprotocol,xdg-openreceives a URL similar to this:
vscode-remote://ssh+devserver/my/file/path
(Wheressh+is an integral part of the scheme identifier.)As a backend for
xdg-open,kde-openusesQUrl::fromUserInputto convert the input string into aQUrlobject. It then uses the resulting scheme (from.scheme()) to look up a registeredx-scheme-handlerand select the appropriate application.The Core Problem:
When the input string's scheme contains a plus sign (
+),QUrl::fromUserInputautomatically prependshttp://to the link. This forces the URL to be interpreted under thehttpprotocol, which preventskde-openfrom finding the correct program and ultimately causes a browser to be launched.My analysis of the documentation and source code suggests that URLs containing a
+sign (or its escape,%2B) are considered invalid by Qt's initial parsing logic, triggeringQUrl::fromUserInput's "best guess" mechanism, incorrectly defaults to prependinghttp://.Questions for Discussion and Clarification:
- URL Standard Compliance: Why is a URL scheme containing a plus sign considered invalid? Is this mandated by RFCs (URL standards)? If not, is this limitation in Qt necessary, or should it be revisited?
- Guessing Conservatism: Is it possible to make the
QUrl::fromUserInputguessing logic more conservative, ideally preserving the original scheme if it's not a known standard protocol likeftp://? - KDE Architectural Choice: If a change cannot be made at the Qt level, should KDE reconsider using
QUrl::fromUserInputfor accepting general URL input in utilities likekde-open? (A similar concern is already documented in KDE Bug 501398.)
I am not affiliated with the KDE or Qt development teams, but I am keen to contribute to the resolution of this bug. I'm seeking insight into the underlying standards and the most appropriate path forward.
@ShwStone Welcome to the forum.
This topic doesn't really fit here as it not really a Qt usage question - Qt is more of an incidental implementation detail of a KDE user tool. I don't believe there are many KDE developers lurking here, and even so it is not the natural place for discussion of that nature.
Issues should be reported to KDE's bugzilla, but I understand that it is hard to get tickets noticed there. Perhaps KDE's user forum (https://discuss.kde.org/) have a better for that, or the kde-devel mailing list.
-
S ShwStone has marked this topic as solved
-
S ShwStone has marked this topic as unsolved