Patch using $wgUrlProtocols in the API
formatHTML() uses a protocol whitelist to avoid protocol injections (such as javascript:, see r17105).
However, this list is arbitrary. It should be detecting the same protocols accepted into the wiki ie. $wgUrlProtocols
Version: 1.14.x
Severity: enhancement
Attached: