Open rodrigoffzz opened 2 years ago
Excuse me, can someone please take a look at this? We have some broken links and I think that we could enhance our users' experience if we fix it. Not sure what the "Question" label means here...
I've seen a good example of that: https://ubuntu.com/security/CVE-2017-9814. In the Bugs section, the first link has a note saying "(main bug)" and when we click on it, we are redirected to a login page. A user might think that there is confidential information behind it, but the problem is the link itself; if we remove the (main bug) from the link, it works as expected.
Looking forward to your reply.
Hi @nottrobin @mtruj013, as you have fixed other security web interface issues, I'm kindly pinging you to check if it is possible to have someone look at this one as well. Thanks!
Hmm I'm sure we've already discussed this and might have started work on a fix for it or something. @mtruj013 might know more when she gets back to work. There's probably another issue somewhere that we should link this one to. I had a look over on ubuntu.com, there's similar ones but not sure I found the exact one I was thinking of.
The proper fix here is to change the API schema. We shouldn't be just packing extra information into fields that are supposed to contain pure links. Maybe the API should actually check if the link is valid when you try to create a new record, and reject it if it's not. If you want "notes" to appear alongside links then that should be explicitly designed as part of the API's schema.
This is still a big nuisance even with the new UCT design.
Summary
Hi. When we have a CVE that has a link with extra text in parentheses in either the Bugs or References sections, it gets an incorrect link redirection because it adds the extra text to the links. We are wondering if that is something that might be fixed, please.
In summary, when we have a
http://link.to.something (notes)
we would like to have the link shown in the page as
http://link.to.something (notes)
but the redirection to
http://link.to.something
Example: https://ubuntu.com/security/CVE-2014-4607
Process
Access a CVE with links in Bugs and/or References with extra text in parentheses and try to access that link.
Current and expected result
From the example above (https://ubuntu.com/security/CVE-2014-4607)
Current web source
Expected web source
Extra comments
There was a Python pseudocode suggestion that was used to discuss this issue with @mtruj013 in Mattermost some days ago that I would like to add here in case it helps:
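Added example (not the pseudocode mentioned above, which is not on this page, and not ubuntu.com code): one way to split a "URL (notes)" entry so that the href is the bare URL while the visible text keeps the note, with the validity check proposed earlier in the thread. The function names and the assumed field layout (a URL optionally followed by one parenthesised note) are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed field layout, taken from the issue: "<url>" optionally followed
# by " (<note>)". Parentheses inside the URL itself are left untouched.
_FIELD = re.compile(r"^(?P<url>\S+)(?:\s+\((?P<note>[^()]*)\))?$")


def split_link_field(raw):
    """Return (url, note) for a Bugs/References entry; note is None if absent.

    Raises ValueError when the entry is not an http(s) URL with an optional
    trailing note, which is the rejection an API-side check could apply
    when a record is created.
    """
    match = _FIELD.match(raw.strip())
    if not match:
        raise ValueError(f"unrecognised link field: {raw!r}")
    url = match.group("url")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an http(s) URL: {url!r}")
    return url, match.group("note")


def render_link(raw):
    """Render the entry: visible text keeps the note, href is the URL only."""
    url, note = split_link_field(raw)
    text = url if note is None else f"{url} ({note})"
    # Escape both the attribute value and the text node before emitting HTML.
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(text)}</a>'


if __name__ == "__main__":
    # Constructed input, using the placeholder from the issue text.
    print(render_link("http://link.to.something (notes)"))
```
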