Vote #80580

Completed

Remove the URI limitation from external markdown links

Added by Admin Redmine about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Text formatting_26
Target version:
-
Start date:
2022/05/09
Due date:
% Done:

0%

Estimated time:
category_id:
26
version_id:
0
issue_org_id:
32766
author_id:
399737
assigned_to_id:
0
comments:
6
status_id:
5
tracker_id:
2
plus1:
0
affected_version:
closed_on:
affected_version_id:
Status-->[Closed]

Description

Problem (usecase)
The Markdown Module of Redmine limits the possible URIs in markdown written links (RedmineTextFormattingMarkdown). But for us it is a very important feature to be able to link directly from Redmine to other apps. Therefore we need to be able to set links e.g. with the URI zpl://... (zeplin.io App on MacOS). With Textile this is possible, but not with Markdown.
IMHO the security gain of the limitation is small, especially since there is no limitation with Textile.

possible solution
Remove the URI limitation in Markdown (/lib/redmine/helpers/uri.rb). Alternatively, the possible URIs could be made adjustable.


journals

As a note: for us we have solved the problem with a "fix" plugin (https://github.com/laborb/redmine_lab_uri_schemes).
Nevertheless I would consider a solution in the core to be useful.
--------------------------------------------------------------------------------
Simon Busse wrote:
> As a note: for us we have solved the problem with a "fix" plugin (https://github.com/laborb/redmine_lab_uri_schemes).
> Nevertheless I would consider a solution in the core to be useful.

It is nice to be here...

--------------------------------------------------------------------------------
Declan Jackson wrote:
> Simon Busse wrote:
> > As a note: for us we have solved the problem with a "fix" plugin (https://github.com/laborb/redmine_lab_uri_schemes).
> > Nevertheless I would consider a solution in the core to be useful.
>
> It is nice to be here...
+1

--------------------------------------------------------------------------------
In CommonMark formatting patch #32424, I've added the @Redmine::Helpers::URL#uri_with_link_safe_scheme?@ method.

If it were applied, the fix for the old Markdown formatting would be:
<pre><code class="diff">
--- a/lib/redmine/wiki_formatting/markdown/formatter.rb
+++ b/lib/redmine/wiki_formatting/markdown/formatter.rb
@@ -27,7 +27,7 @@ module Redmine
include Redmine::Helpers::URL

def link(link, title, content)
- return nil unless uri_with_safe_scheme?(link)
+ return nil unless uri_with_link_safe_scheme?(link)

css = nil
unless link && link.starts_with?('/')
</code></pre>
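
Review bot: the replacement line `return nil unless uri_with_link_safe_scheme?(link)` calls a helper that this hunk does not define; the comment says it comes from #32424, so the patch only works when applied on top of that change, and that dependency should be stated with the patch. Since the check moves from an accepted-scheme test to a link-safe test, a formatter test belongs with it showing that a `javascript:` link is still dropped by `link` while a custom-scheme link such as `zpl://` is rendered.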

This new helper method can then be used also to replace the hardcoded test in Textile (@href.downcase.start_with?('javascript:')@).
--------------------------------------------------------------------------------
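
The difference between the two checks discussed in this thread, as an added example that is not part of the original comments or Redmine's code: an allowlist drops a `zpl://` link, while a denylist of script-capable schemes renders it and still rejects `javascript:`. The method names, both scheme lists and the sample targets are assumptions constructed for illustration.

```ruby
require 'uri'
require 'cgi'

# Names and scheme lists below are assumptions for illustration,
# not Redmine's actual helper code.
ALLOWED_SCHEMES = ['http', 'https', 'ftp', 'mailto', nil].freeze # nil = relative link
BLOCKED_SCHEMES = %w[javascript vbscript data].freeze

# Lowercased scheme of a link target, nil for a relative link,
# or :invalid when the target does not parse as a URI.
def link_scheme(target)
  URI.parse(target.to_s.strip).scheme&.downcase
rescue URI::InvalidURIError
  :invalid
end

# Allowlist policy: only known schemes produce a link.
def allowlisted?(target)
  ALLOWED_SCHEMES.include?(link_scheme(target))
end

# Denylist policy: any scheme except the script-capable ones;
# fails closed when the target cannot be parsed.
def link_safe?(target)
  scheme = link_scheme(target)
  scheme != :invalid && !BLOCKED_SCHEMES.include?(scheme)
end

# Mirrors the formatter's contract: nil means "do not render a link".
def render_link(target, text, policy)
  return nil unless send(policy, target)

  %(<a href="#{CGI.escapeHTML(target)}">#{CGI.escapeHTML(text)}</a>)
end

# Constructed sample targets.
SAMPLES = ['https://example.com/', '/projects/demo', 'zpl://screen?pid=1',
           'JavaScript:void(0)', 'http://exa mple.com/'].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |t|
    puts format('%-24s allowlist=%-5s denylist=%s', t.inspect, allowlisted?(t), link_safe?(t))
  end
end
```

With a denylist, every scheme that is not listed becomes a clickable link, so the blocked set has to be maintained as new script-capable schemes appear; the allowlist has the opposite maintenance cost, which is the one this issue reports.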

--------------------------------------------------------------------------------
The old Markdown formatting based on RedCarpet is deprecated and it won't receive any fixes (excepting security issues). You should migrate to the new Markdown formatting based on CommonMark which is available in Redmine 5 (#32424).

I'm setting resolution fixed because this issue is fixed in CommonMark.
--------------------------------------------------------------------------------


related_issues

relates,Closed,32424,CommonMark Markdown Text Formatting

Updated by Admin Redmine about 2 years ago

  • Category set to Text formatting_26
