Page MenuHomePhorge
Create Task
Maniphest T15132

Support monospaced links in remarkup
Open, HighPublic
Actions

Description

It used to be possible to have monospace links by using this syntax with backticks: [[ uri | `free text` ]] , but this is no longer possible since:

I think it was never intentionally allowed, and there was never a test for it. It is (or was) useful a used feature, so I (avivey) think we should restore it.

The patch D20937 stops parsing either side (uri and text) as remarkup to prevent XSS issues. It's not clear to me if there's an actual security risk in allowing remarkup in the text side.

Possible paths forward:

  1. Do a proper XSS analysis about allowing remarkup in the text portion of the link, and if we're convinced it's fine, just enable it.
  2. Special-case hack the link syntax to understand backquotes in the text section. This has some obvious limitations, like allowing mixed-format text.
  3. making the test in PhutilRemarkupDocumentLinkRule more fine-grained, to allow some forms of markup. This might be expensive in performance (see https://secure.phabricator.com/T2849).

Related Objects
Search...

Event Timeline

avivey created this task.Oct 28 2022, 07:48
Herald added subscribers: Cigaryno, Matthew, chris and 2 others. · View Herald TranscriptOct 28 2022, 07:48
avivey mentioned this in Z1: Phorge.Oct 28 2022, 07:49
20after4 subscribed.Dec 20 2022, 02:16

To me 2 seems like the safest / easiest solution, even if it is a bit limited.

valerio.bozzolan subscribed.Mar 23 2023, 11:02
valerio.bozzolan updated the task description. (Show Details)Apr 4 2023, 23:09
valerio.bozzolan added a comment.Apr 4 2023, 23:13

(I just added in the description the keyword "backtick" so I can easily find this)

Interestingly, some pages in Phabricator itself have broken parts. Example:

https://we.phorge.it/applications/view/PhabricatorSearchApplication/

Phabricator Search Application - Remarkup issue.png (705×1 px, 88 KB)

Since I don't think we will fix this issue very soon, I think at the moment it's just better for me to propose a small patch to fix that specific page.

valerio.bozzolan added a parent task: T15230: Fix Search Application description.Apr 4 2023, 23:22
valerio.bozzolan added a revision: D25110: Fix "Search" Application description.Apr 4 2023, 23:27
valerio.bozzolan removed a revision: D25110: Fix "Search" Application description.Apr 4 2023, 23:31
avivey mentioned this in D25110: Fix "Search" Application description.Apr 5 2023, 12:00
avivey triaged this task as High priority.Apr 5 2023, 12:04
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0