Issue #8107 resolved
Martin Geisler
created an issue

If I add a comment on a changeset with this text:

[External link][1].


Then I see a link back to the current commit instead of the external site I really wanted to link to. I've left a demo here: (notice how nice a short link it, I wish I could just copy that directly from my address bar...).

Comments (4)

  1. Michael Frauenholtz staff

    Hi Martin,

    This is actually working as expected. Please see issue #7322:

    Our Markdown library uses a safe mode to prevent malicious HTML from being posted. This can cause some URLs (such as yours) to appear invalid. This is necessary for our site and we will not be changing it at this time.

    For your specific URL, it appears that the only 'unsafe' character is #. Replacing that with the HTML equivalent %23 allows the URL to render properly.

    We have recently updated our documentation here to reflect this.


  2. Martin Geisler reporter

    That doesn't really make sense. There is nothing unsafe about a link with a # or : character in it. It is the job of Markdown to escape it as necessary, e.g., to replace & in the input with & when generating the output.

    I looked at the source of the Markdown library and the problem is its LinkPattern.sanitize_url method which forbids : almost everywhere in a URL. That sounds too paranoid for me.

  3. Log in to comment