[PT Run] Add scheme verification for application URI (#15324)

* [PT Run] Add scheme verfication for application URI

* Add test

src/modules/launcher/Plugins/Microsoft.Plugin.Uri.UnitTests/UriHelper/ExtendedUriParserTests.cs

@@ -78,6 +78,7 @@ public class ExtendedUriParserTests
         [DataRow("ftp://user:[email protected]:2121", true, "ftp://user:[email protected]:2121/", false)]
         [DataRow("ftp://user:[email protected]", true, "ftp://user:[email protected]/", false)]
         [DataRow("ftp://user:[email protected]:2121", true, "ftp://user:[email protected]:2121/", false)]
+        [DataRow("^:", false, null, false)]
 
         public void TryParseCanParseHostName(string query, bool expectedSuccess, string expectedResult, bool expectedIsWebUri)
         {

src/modules/launcher/Plugins/Microsoft.Plugin.Uri/UriHelper/ExtendedUriParser.cs

@@ -4,6 +4,7 @@
 
 using System;
 using System.Linq;
+using System.Text.RegularExpressions;
 using Microsoft.Plugin.Uri.Interfaces;
 
 namespace Microsoft.Plugin.Uri.UriHelper
@@ -21,10 +22,13 @@ public bool TryParse(string input, out System.Uri result, out bool isWebUri)
 
             // Handling URL with only scheme, typically mailto or application uri.
             // Do nothing, return the result without urlBuilder
+            // And check if scheme match REC3986 (issue #15035)
+            const string schemeRegex = @"^([a-z][a-z0-9+\-.]*):";
             if (input.EndsWith(":", StringComparison.OrdinalIgnoreCase)
                 && !input.StartsWith("http", StringComparison.OrdinalIgnoreCase)
                 && !input.Contains("/", StringComparison.OrdinalIgnoreCase)
-                && !input.All(char.IsDigit))
+                && !input.All(char.IsDigit)
+                && Regex.IsMatch(input, schemeRegex))
             {
                 result = new System.Uri(input);
                 isWebUri = false;