-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid creating invalid URIs from user input #1795
Conversation
Signed-off-by: Julius Härtl <jus@bitgrid.net>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
I checked that a mailto link with %20
still works. Also confirmed that rfc3986 does not allow for spaces to occure anywhere in urls.
I tried to use other characters that usually do not appear in urls but these days are encoded and still displayed by the browser. In particular i tried: https://はじめよう.みんな . The browser opened the link just fine. So limiting the encoding to space charactes seems like a good approach as not everything needs to be encoded that is not a strictly valid url char.
Yep, markdown-it which we use to transform the markdown to the document seems to explicitly stop parsing links with ascii control characters including whitespace while allowing anything else: https://github.com/markdown-it/markdown-it/blob/e5986bb7cca20ac95dc81e4741c08949bf01bb77/lib/helpers/parse_link_destination.js#L50 |
/backport to stable22 |
/backport to stable21 |
/backport to stable20 |
The backport to stable22 failed. Please do this backport manually. |
The backport to stable21 failed. Please do this backport manually. |
The backport to stable20 failed. Please do this backport manually. |
Make sure that the link we create is still valid in markdown, even if a user wrongly enters spaces into the input when adding a link through the UI.
To reproduce.
occ text:reset FILEID -f