Fix URI scheme validation for components from untrusted sources (IPC)

[Copilot]

Description

The URI constructor skips validation when constructed from UriComponents objects, assuming they're created by trusted internal code. This assumption breaks when components arrive via IPC, causing "[UriError]: Scheme contains illegal characters" to be thrown during URI.revive() calls (17.3M hits, 3.4M users affected).

Changes

• Enable validation for object constructor path: Call _validateUri() when constructing from UriComponents to validate schemes from untrusted sources (IPC)
• Add comprehensive tests: Cover invalid schemes (spaces, special chars), valid schemes (alphanumeric + - . +), and edge cases (empty scheme)

// Before: validation skipped for object path
if (typeof schemeOrData === 'object') {
    this.scheme = schemeOrData.scheme || _empty;
    // ... other assignments
    // _validateUri(this);  // commented out
}

// After: validation enabled
if (typeof schemeOrData === 'object') {
    this.scheme = schemeOrData.scheme || _empty;
    // ... other assignments
    _validateUri(this);  // now validates
}

The validation already exists and is simple (regex test). Empty schemes remain allowed for backward compatibility. No breaking changes - only malformed schemes from external sources are now rejected at construction time rather than causing obscure errors later.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Unhandled Error] [UriError]: Scheme contains illegal characters.</issue_title>
<issue_description>Issue created from VS Code Errors Analysis Dashboard

Error Bucket

1d7b6bbf-283f-341b-d887-73d6b8596c1f

Error Message

[UriError]: Scheme contains illegal characters.

Stack Trace

    at r8 (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/uri.ts:25:8)
    at _validateUri (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/uri.ts:175:3)
    at new Hr (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/uri.ts:451:0)
    at ld.revive (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/uri.ts:410:18)
    at y2.call (file:/Users/cloudtest/vss/_work/1/s/src/vs/platform/log/electron-main/logIpc.ts:36:75)
    at _f.s (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/parts/ipc/common/ipc.ts:419:21)
    at _f.q (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/parts/ipc/common/ipc.ts:394:16)
    at na.value (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/parts/ipc/common/ipc.ts:338:62)
    at P.C (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/event.ts:1202:12)
    at P.D (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/event.ts:1213:8)
    at P.fire (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/event.ts:1237:8)
    at na.value (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/event.ts:131:83)
    at P.C (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/event.ts:1202:12)
    at P.fire (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/event.ts:1233:8)
    at na.value (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/event.ts:165:96)
    at P.C (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/event.ts:1202:12)
    at P.fire (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/event.ts:1233:8)
    at N (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/common/event.ts:574:40)
    at listener (file:/Users/cloudtest/vss/_work/1/s/src/vs/base/parts/ipc/electron-main/ipcMain.ts:30:4)
    at IpcMainImpl.emit (node:events:519:28)
    at Session.<anonymous> (node:<REDACTED: user-file-path>:2:106616)
    at Session.emit (node:events:519:28)

Raw Stack Trace

Error: [UriError]: Scheme contains illegal characters.     at r8 (out/main.js:30:64420)     at new ld (out/main.js:30:67800)     at new Hr (out/main.js:30:69238)     at ld.revive (out/main.js:30:69015)     at y2.call (out/main.js:91:107011)     at _f.s (out/main.js:31:14882)     at _f.q (out/main.js:31:14405)     at na.value (out/main.js:31:13807)     at P.C (out/main.js:30:2328)     at P.D (out/main.js:30:2398)     at P.fire (out/main.js:30:2615)     at na.value (out/main.js:28:5389)     at P.C (out/main.js:30:2328)     at P.fire (out/main.js:30:2546)     at na.value (out/main.js:28:5577)     at P.C (out/main.js:30:2328)     at P.fire (out/main.js:30:2546)     at N (out/main.js:28:7871)     at IpcMainImpl.i (out/main.js:36:10815)     at IpcMainImpl.emit (node:events:519:28)     at Session.<anonymous> (node:<REDACTED: user-file-path>:2:106616)     at Session.emit (node:events:519:28)

Details

Property	Value
Version	1.107.1
Commit	994fd12f
Last Seen	2025-12-18T23:59:44.562Z
Total Hits	17.3M
Affected Users	3.4M
Platforms	Linux, Mac, Windows
Product	VSCode

---

This issue was automatically created from the VS Code Errors Dashboard</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [Unhandled Error] [UriError]: Scheme contains illegal characters. #284542

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[jrieken]

The URI constructor skips validation when constructed from UriComponents objects, assuming they're created by trusted internal code.

@bryanchen-d We do this on purpose and for performance reasons (because very many uris travel via IPC). The logic is that UriComponents can only be created from a valid URI so we should first understand how this happens, e.g how we end up with uri component data that is invalid.