Handle protocol-relative links in sanitize_url

We should allow these when `not require_scheme`. Keeps the current behaviour of appending `http://` for URLs like `example.com/whatever`, but will use the current protocol for URLs like `//example.com/whatever`.
2026-04-27 03:00:12 -04:00 · 2015-04-23 04:14:10 -07:00
parent fed2f2be07
commit 8f0a779c22
1 changed files with 7 additions and 1 deletions
--- a/r2/r2/lib/utils/utils.py
+++ b/r2/r2/lib/utils/utils.py
@@ -340,7 +340,13 @@ def sanitize_url(url, require_scheme=False, valid_schemes=VALID_SCHEMES):
        u = urlparse(url)
        # first pass: make sure a scheme has been specified
        if not require_scheme and not u.scheme:
-            url = 'http://' + url
+            # "//example.com/"
+            if u.hostname:
+                prepend = "https:" if c.secure else "http:"
+            # "example.com/"
+            else:
+                prepend = "http://"
+            url = prepend + url
            u = urlparse(url)
    except ValueError:
        return None