 |
Clarification: The bug description should read (backslashes added to prevent Mantis from formatting the example HTML) |
 |
What you enter in text fields is treated as text, and we just detect anything that looks like a URL and replace that with an anchor tag. We do not parse HTML, so we do not have any notion of URL "title". |
|
|
That cannot be quite correct, because the example.org link I posted in the bug description was a HTML link with link description, like this: <a href="http://example.org/">description</a>. You can edit this comment to see that it contains a HTML link with a description text that gets removed. |
|
|
Only selected HTML tags are authorized within MantisBT text fields (see $g_html_valid_tags). Anchor is not one of them (to prevent a XSS attack vector). When formatting text, we start by stripping all existing anchor tags (string_strip_href()), then encoding special chars, restoring authorized HTML tags, and finally adding links back (as plain URLs). This is handled by the MantisCoreFormatting plugin [1]; you can disable URL processing entirely, or replace the core functionality by your own customized version of the plugin to handle anchors the way you want. |
|
|
Shouldn't this behaviour not kick in when adding the anchor element to $g_html_valid_tags, though? How would I circumvent this behaviour without having to modify the Mantis core, as that will get overwritten with every update? |
|
|
As mentioned previously, anchor tags are disabled to avoid security issues. [1] https://github.com/mantisbt/mantisbt/blob/master/config_defaults_inc.php#L1797
This is exactly why I recommended you write a custom plugin to replace or supplement what MantisCoreFormatting does. |
- Anonymous
