umputun / remark42

comment engine
https://remark42.com
MIT License

Don't allow relative links in comments #1578

Closed paskal closed 1 year ago

paskal commented 1 year ago

(url) is the text inserted by default and is never an intended URL.

That additional validation will ensure that users won't post relative links because they are rarely intended.

This is how it looks without frontend changes:

[image]

Backend part for #809.

coveralls commented 1 year ago

Pull Request Test Coverage Report for Build 3877434550

Totals Coverage Status
Change from base Build 3872384385: 0.007%
Covered Lines: 5787
Relevant Lines: 6880

💛 - Coveralls

akellbl4 commented 1 year ago

Are we gonna throw an error in case a link is provided without a protocol? Like [google](google.com). Because it results in a link that refers to ${currentUrl}/google.com.

paskal commented 1 year ago

This change prohibits posting relative links. I have to think about how to parse markdown correctly, but the change is already working and can be tested. @umputun, what do you think about the whole idea of blocking the relative URLs?

umputun commented 1 year ago

Using relative links intentionally is an extremely rare use case. One would need to have a file server on the same subdomain as Remark42 to make any sense of this. I believe disabling such links is a good idea and will work well in 99.9% of cases.
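The rule discussed in this thread, written out as an added Go example that is not remark42's own code: it uses a deliberately simple regex for inline markdown links (an assumption made here for brevity, not the project's markdown parser) and rejects every target that lacks an http(s) scheme and host, which covers the [google](google.com) case above, the editor's default (url) placeholder, and, going slightly beyond the thread, protocol-relative targets such as //host/x.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// linkRe is a deliberately simple matcher for inline markdown links of the
// form [text](target "optional title"). It is an assumption of this example,
// not remark42's parser: nested brackets and reference-style links are ignored.
var linkRe = regexp.MustCompile(`\[[^\]]*\]\(([^)\s]+)(?:\s+"[^"]*")?\)`)

// relativeLinks returns every link target that is not an absolute http(s) URL.
// A target without scheme and host (google.com, ../foo, the editor's default
// "url") is resolved by the browser against the page hosting the comments,
// which is almost never what the author intended.
func relativeLinks(md string) []string {
	var bad []string
	for _, m := range linkRe.FindAllStringSubmatch(md, -1) {
		target := m[1]
		u, err := url.Parse(target) // url.Parse lower-cases the scheme for us
		// A missing scheme or host means relative (or protocol-relative //host/x);
		// of the absolute schemes only http and https count as web links.
		if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
			bad = append(bad, target)
		}
	}
	return bad
}

// validateComment is the backend check run before a comment is stored.
func validateComment(md string) error {
	if bad := relativeLinks(md); len(bad) > 0 {
		return fmt.Errorf("relative links are not allowed: %s", strings.Join(bad, ", "))
	}
	return nil
}

func main() {
	// Constructed sample comments: two that must be rejected, one that passes.
	for _, c := range []string{"see [google](google.com)", "[text](url)",
		"[docs](https://remark42.com/docs/)"} {
		fmt.Printf("%q -> %v\n", c, validateComment(c))
	}
}
```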