Skip to content
This repository has been archived by the owner on Jul 11, 2019. It is now read-only.

Escape HTML in urls #5

Open
Flet opened this issue Apr 30, 2015 · 5 comments
Open

Escape HTML in urls #5

Flet opened this issue Apr 30, 2015 · 5 comments

Comments

@Flet
Copy link
Member

Flet commented Apr 30, 2015

From @noffle on April 30, 2015 17:33

As is, entering something like the following, which was posted into #friends:

![Sorry guys](http://my.setale.me/image/052u2w2q3u3w/Schermata 2015-04-30 alle 19.09.21.png)

will fail because spaces aren't being translated into %20s.

Copied from original issue: moose-team/friends#86
@Flet Flet mentioned this issue Apr 30, 2015
Closed
@hackergrrl hackergrrl mentioned this issue May 1, 2015
Open
@hackergrrl
Copy link

Turns out markdown-it doesn't consider this a bug, in accordance with the commonmark spec. Turns out you must escape your spaces manually or surround your image URL in <>
tags.

It's kind of a shame, since I think users expect the escaping to Just Work(tm). I actually filed this because I saw a user mispaste a URL and they were surprised when it rendered useless useless HTML.

@Flet: what do you think about closing this as Working As Intended? I've filed something against Friends on the subject, since IMHO pasting images into a channel shouldn't require this much deep knowledge of the commonmark spec.

@ungoldman
Copy link
Member

Yep markdown-it is a great module but very rigorously enforces CommonMark. If we want other behaviors we need to add them ourselves on top of markdown-it or switch to another markdown rendering engine. Agree with @noffle rigorous knowledge of CommonMark shouldn't be a requirement for sharing gifs to lol at.

@hackergrrl
Copy link

What do you think about the suggestion in moose-team/friends#105 to mimic Slack in that we inline image URLs directly? Seems like a pretty lightweight addition to rich-message.

@ungoldman
Copy link
Member

@noffle just posted there :) moose-team/friends#105 (comment)

I think it makes sense as long as users can turn it off. I also think we should go for more permissive URL parsing in markdown.

@lukejanicke
Copy link

On a mini crusade here.

The current Markdown Spec doesn’t explicitly prohibit spaces in image links, but indirectly prohibits them in the Links section, where it says spaces cannot be used either with or without < and >. But then it also doesn’t specifically exclude spaces when it goes on to say “other symbols can also be escaped, as usual in Markdown”.

I say the spec is vague on this, but that it seems they do intentionally wish to prohibit spaces, even escaped.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Flet @ungoldman @hackergrrl @lukejanicke