CVEProject / cve-services

This repo contains the source for the CVE Services API.
Creative Commons Zero v1.0 Universal

Chinese Characters in URLs not allowed #1178

Open marcruef opened 10 months ago

marcruef commented 10 months ago

Prerequisites

Description

If a JSON contains a URL with Chinese characters, the validation fails.

Steps to Reproduce

  1. Create a JSON file with a URL element
  2. Put something like https://github.com/4nNns/cveAdd/blob/developer/sqli/万户EZOFFICE%20前台SQL注入漏洞.md in it
  3. Try to upload the file

Expected behavior:

JSON file is accepted

Actual behavior:

JSON file is rejected

Reproduces how often:

100%

Versions

2.2.0

Additional Information

We had this problem with CVE-2024-1012 and encoded the URL to https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md to circumvent the error as a workaround.

tschmidtb51 commented 8 months ago

Just a comment from the sidelines:

I think the behavior is correct: The JSON schema specifies uriType as `"format": "uri"` and "according to RFC 3986". IMHO, this requires Chinese Characters to be percent-encoded.
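
The following is an added example, not part of the issue thread and not cve-services code. It sketches a character-level RFC 3986 check and a normaliser a submitter could run before upload, reproducing the percent-encoding used in the CVE-2024-1012 workaround. The function names are hypothetical, and the check covers the allowed character set only, not the full URI grammar.

```javascript
// Added example, not cve-services code. Character-level view of RFC 3986:
// a URI may contain only unreserved chars, reserved delimiters and %XX escapes.
const ALLOWED = "A-Za-z0-9\\-._~:/?#\\[\\]@!$&'()*+,;=";
const VALID = new RegExp(`^(?:[${ALLOWED}]|%[0-9A-Fa-f]{2})*$`);
// Matches a "%" that does not start a %XX escape, or a run of other disallowed chars.
const TO_ENCODE = new RegExp(`%(?![0-9A-Fa-f]{2})|[^${ALLOWED}%]+`, "g");

// True when the string uses only characters RFC 3986 permits.
// This is a character check, not a full parse of the URI grammar.
function hasOnlyRfc3986Chars(uri) {
  return VALID.test(uri);
}

// Percent-encode (as UTF-8) everything RFC 3986 does not permit, leaving
// delimiters and existing %XX escapes alone so "%20" does not become "%2520".
// encodeURIComponent throws URIError on a lone surrogate, so malformed
// input fails closed instead of being silently rewritten.
function toRfc3986(uri) {
  return uri.replace(TO_ENCODE, (run) => encodeURIComponent(run));
}

// URL from step 2 of the report.
const REPORTED =
  "https://github.com/4nNns/cveAdd/blob/developer/sqli/万户EZOFFICE%20前台SQL注入漏洞.md";

// Runs the check before and after normalisation.
function demo() {
  const encoded = toRfc3986(REPORTED);
  return {
    rawPasses: hasOnlyRfc3986Chars(REPORTED),
    encoded,
    encodedPasses: hasOnlyRfc3986Chars(encoded),
    idempotent: toRfc3986(encoded) === encoded,
  };
}

console.log(demo());
```

Using the built-in `encodeURI` on the reported URL would not give the same result, because it re-encodes the `%` of the existing `%20` escape.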