Remove URL sanitizer as it is malfunctioning and unclear where needed…

[stefan-kolb]

Also see #667.

@JabRef/developers If someone knows a use case where this is needed and why we can try to reimplement it properly. But this way it really makes no sense IMHO.

[oscargus]

So then either URLDecoder.decode or URI.toASCIIstring converts # to %23? Of course not impossible, but seems like one has used the incorrect methods in that case.

I think the main things it does is replacing space with %20 in the URLs and removing any \url{...} commands. There will probably be users that will run into problems, but maybe one can add a URL cleanup that does the corresponding thing?

I think an alternative solution would just be to do a replaceAll("%23","#") at the end.

[stefan-kolb]

The problem is that is really hard to correctly encode a URL if we are not aware of its structure. Regardless of what methods we use.
So if we are not completely sure we need it, we should probably not do this.

[simonharrer]

👍 sounds reasonable.

[simonharrer]

@koppor what do you think about this? Especially is it possible that users have a url={\url{http://google.com}} in their bibfile? And what about escaping symbols for latex like %or #?

[koppor]

Unsure. The method comment states following:

make sure an URL is "portable", in that it doesn't contain bad characters that break the open command in some OSes. A call to this method will also remove \url{} enclosings.

That reads perfectly fine.

OK, I also read the following

// FIXME: everything below is really flawed atm

Maybe, we should cleanup the URL fields and not do the cleanup at the place of opening. Although I see the issue of malicious bib files which could have an URL executing malicious code. However, that risk is so low that I would not count on it.

Meaning: 👍 and open a new issue for CleanUp.