Field SafeSchemes
The set of URI schemes that OpenUrl(string) is permitted to open. Only http, https, and
mailto are allowed by default. Callers that explicitly require additional schemes may modify this set,
but doing so widens the attack surface when Url is populated from untrusted input.
public static readonly HashSet<string> SafeSchemes
Returns
- HashSet<string>
- The set of URI schemes that OpenUrl(string) is permitted to open. Only http, https, and mailto are allowed by default. Callers that explicitly require additional schemes may modify this set, but doing so widens the attack surface when Url is populated from untrusted input.
Remarks
file:// URIs are intentionally excluded from the default set because they allow local filesystem
access and can be used to invoke registered shell handlers on Windows. Applications that display
user-controlled content (Markdown, RSS, log output, etc.) are therefore protected by default.
Migration path for applications that need file:// or other non-default schemes:
Option 1 — Per-link handling via LinkClicked. Handle the URL in the event
and set e.Handled = true to prevent OpenUrl(string) from being called:
<pre><code class="lang-csharp">markdownView.LinkClicked += (_, e) =>
{
    if (e.Url.StartsWith("file://", StringComparison.OrdinalIgnoreCase))
    {
        // Handle the file link yourself.
        e.Handled = true;
    }
};</code></pre>
Option 2 — Global opt-in at application startup. To allow file:// links across the entire
application, add the scheme to this set before any links are activated:
<pre><code class="lang-csharp">Link.SafeSchemes.Add("file");</code></pre>
Only do this in applications where <code>file://</code> URIs originate from trusted content.
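For Option 1, "handle the file link yourself" still means deciding which files a link may reach. The following is an added example, not code from the library: `FileLinkPolicy`, its extension list, and the sample links are all assumptions made for illustration. It accepts a file:// link only when it is local, resolves inside a trusted directory, and points at an allowed document type.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;

// Added example: FileLinkPolicy is a hypothetical helper, not part of the library.
public static class FileLinkPolicy
{
    // Assumption: only passive document types are acceptable link targets.
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".txt", ".md", ".log" };

    // True only for a local file:// URI that resolves inside trustedRoot and has
    // an allowed extension; path then holds the canonical file path.
    public static bool TryResolve(string url, string trustedRoot, out string path)
    {
        path = string.Empty;
        if (!Uri.TryCreate(url, UriKind.Absolute, out Uri uri)) return false;
        if (uri.Scheme != Uri.UriSchemeFile) return false;   // Uri lower-cases the scheme
        if (uri.IsUnc || uri.Host.Length != 0) return false; // reject remote shares

        // LocalPath is percent-decoded; GetFullPath then collapses ".." segments,
        // so traversal is resolved before the containment check.
        // Symbolic links are not resolved here.
        string full = Path.GetFullPath(uri.LocalPath);
        string root = Path.GetFullPath(trustedRoot).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        StringComparison cmp = RuntimeInformation.IsOSPlatform(OSPlatform.Windows)
            ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;
        if (!full.StartsWith(root, cmp)) return false;
        if (!AllowedExtensions.Contains(Path.GetExtension(full))) return false;

        path = full;
        return true;
    }

    public static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "docs");   // constructed root
        string baseUri = new Uri(root + Path.DirectorySeparatorChar).AbsoluteUri;
        // Constructed sample links: in-root file, traversal, wrong type, UNC host.
        foreach (string link in new[] { baseUri + "readme.md", baseUri + "../secret.md",
                                        baseUri + "tool.exe", "file://server/share/a.md" })
            Console.WriteLine($"{link} -> {TryResolve(link, root, out _)}");
    }
}
```

Inside the LinkClicked handler, set e.Handled = true for every file:// link so the default opener never sees it, and open the resolved path only when TryResolve returns true.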