[FEATURE] Use https by default when autolinking in RTE

When using CKEditor with autolinking plugin enabled (e.g. simply typing www.typo3.org in the RTE) https:// is now used by default when a link is generated. This change reflects the "secure-first" approach by using https:// by default, however users can still manually change this to http://. More than 90% of the web now serve via HTTPS (also see https://transparencyreport.google.com/https) Resolves: #90336 Releases: master Change-Id: I38e4034915f66fd1f169bc96f27026a6427de156 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69923 Tested-by: Oliver Bartsch <bo@cedev.de> Tested-by: core-ci <typo3@b13.com> Tested-by: Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by: Oliver Bartsch <bo@cedev.de> Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
TYPO3 · Jul 22, 2021 · 8cff525 · 8cff525
1 parent bcb5090
commit 8cff525
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 1 deletion.
diff --git a/...tation/Changelog/master/Feature-90336-CKEditorAutolinkingUsesHttpsByDefault.rst b/...tation/Changelog/master/Feature-90336-CKEditorAutolinkingUsesHttpsByDefault.rst
@@ -0,0 +1,37 @@
+.. include:: ../../Includes.txt
+
+============================================================
+Feature: #90336 - CKEditor Autolinking uses https by default
+============================================================
+
+See :issue:`90336`
+
+Description
+===========
+
+TYPO3 ships with a CKEditor plugin called "autolinking", which
+automatically converts typed text within a RTE to an external URL.
+
+When typing `www.typo3.org` this is automatically converted to
+an absolute external link, which previously used "http://" as
+schema.
+
+Nowadays, over 90% of the web is served via the https protocol
+and secure connections via SSL/TLS, where it is safe to 
+use secure-by-default links.
+
+When not specifically using a schema as prefix for an autolinking
+URL, CKEditor now uses `https` instead of `http` as schema by default.
+
+
+Impact
+======
+
+When typing a URL like www.typo3.org in the RTE and the autolinking
+plugin is activated, the default schema used is now `https` instead
+of `http` for any new links.
+
+However, it is - as before - fully possible to manually change a
+link to use the `http://` schema instead.
+
+.. index:: RTE, ext:rte_ckeditor
diff --git a/typo3/sysext/rte_ckeditor/Resources/Public/JavaScript/Plugins/autolinking.js b/typo3/sysext/rte_ckeditor/Resources/Public/JavaScript/Plugins/autolinking.js
@@ -114,7 +114,7 @@ CKEDITOR.plugins.add('autolinking', {
             a.href = a.innerHTML;
           }
           href = a.getAttribute('href').replace(new RegExp(fillChar, 'g'), '');
-          href = /^(?:https?:\/\/)/ig.test(href) ? href : 'http://' + href;
+          href = /^(?:https?:\/\/)/ig.test(href) || /^(?:http?:\/\/)/ig.test(href) ? href : 'https://' + href;
           a.href = html(href);
 
           let textNode = document.createTextNode(endChar);