search

gohugoio / hugo

The world’s fastest framework for building websites.
https://gohugo.io
Apache License 2.0
75.16k stars 7.48k forks source link

Goldmark incorrectly parses http addresses that end in a quote #10407

Closed TopherIsSwell closed 6 months ago

TopherIsSwell commented 1 year ago

What version of Hugo are you using (hugo version)?

v0.105.0-DEV-c10931404f605b88067cb66da7ec333ddeb24cc0
Also tried with a local build of v0.104, and a downloaded binary of v0.102 This bug exists as of commit SHA c10931404f605b88067cb66da7ec333ddeb24cc0

Does this issue reproduce with the latest release?

Yes, latest stable and the latest build off of main

issue description

when you render a page that includes an http address with a slash (i.e. the address has a path) surrounded in double quotes, the trailing quote is considered part of the address and url-encoded into the href link. This makes the link invalid. It seems that a slash needs to be in the address to trigger the bug (not counting the slashes for the URI component), so "https://google.com" will NOT trigger this bug, but "https://google.com/" will and "https://google.com/mail" will.

to reproduce

create an page with the content

go to "https://google.com/"

and it will be rendered as 

go to "<a href="https://google.com/%22">https://google.com/"</a>

Pic: image

TopherIsSwell commented 1 year ago

I've noticed that setting markup.goldmark.extensions.typographer to false causes the link rendered behavior to stop. Maybe this bug is in goldmark or smartypants or something?

Also note: This may be separate bug, but if you escape the quotes

Go to \"https://google.com/\"

it will create the hyperlink at all.

Also, also: If you only escape the trailing quote:

Go to "https://google.com/\"

It will create the hyperlink correctly, but the text will begin with a smart (curly) quote and end with a straight quote. Rendered as:

Go to “https://google.com/"
jmooring commented 1 year ago

This may be caused by the linkify extension, or the interaction between linkify and typographer. The linkify extension renders strings such as https://google.com and www.google.com to anchor elements.

With both extensions enabled...

These work:

"https://google.com"
"www.google.com"

These fail (note the trailing slash):

"https://google.com/"
"www.google.com/"

I'm not a huge fan of the autolink extension. I would prefer to be in control of what is and is not rendered as an anchor element.

Both of these work regardless of whether or not the linkify extension is enabled.

"<https://google.com>"
"<https://google.com/>"

In any event, this needs to be reported upstream.

jmooring commented 1 year ago

https://github.com/yuin/goldmark/issues/335

github-actions[bot] commented 8 months ago

This issue has been automatically marked as stale because it has not had recent activity. The resources of the Hugo team are limited, and so we are asking for your help. If this is a bug and you can still reproduce this error on the master branch, please reply with all of the information you have about it in order to keep the issue open. If this is a feature request, and you feel that it is still relevant and valuable, please tell us why. This issue will automatically be closed in the near future if no further activity occurs. Thank you for all your contributions.

github-actions[bot] commented 5 months ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.