View Issue Details

ID: 0022315
Project: mantisbt
Category: markdown
View Status: public
Last Update: 2024-03-15 07:16
Reporter: uxmaster
Assigned To: joel
Priority: normal
Severity: minor
Reproducibility: always
Status: assigned
Resolution: open
Product Version: 2.1.1
Summary: 0022315: Markdown converts " to &quot; within code blocks and inline code
Description

This is caused by noncooperation between "Markdown Processing" and "Text Processing".
When the latter is turned off, everything is OK (apart from the XSS vulnerability).

Steps To Reproduce

" in normal text

" in inline code "

" in code block

"
Tags: No tags attached.

Relationships

related to 0022246 (closed, joel): Markdown is converting '&' signs to (ampersand[amp;]) inside code block or backtick as well
related to 0024628 (assigned, dregad): Double quotes " and lesser than sign < are shown as HTML entity within Markdown code blocks
has duplicate 0022407 (closed, atrol): Quotes in markdown
related to 0024810 (confirmed): Markdown links/code always show HTML entities for Ampersand and Less-than sign
child of 0022180 (new): Markdown issues following implementation in 0017920

Activities

rombert

2017-02-14 08:51

reporter   ~0055670

Confirmed, seeing this as well

joel

2017-02-19 08:29

developer   ~0055719

This has been addressed already with this PR https://github.com/mantisbt/mantisbt/pull/1007

dregad

2017-02-23 12:29

developer   ~0055768

This one is really annoying, can't copy/paste code snippets anymore without having to manually replace &quot; entities by actual quotes ...

joel

2017-02-27 18:47

developer   ~0055812

Last edited: 2017-02-27 18:48

This is not a bug in upstream; the bug is due to the fact that Text processing processes the text from the start:

  1. Text processing converts the & sign into its entity name (ampersand[amp;]) within the code block or backtick
  2. With that, we need to convert the entity name back to its result within the specific function in the extension class.

And this is the PR https://github.com/mantisbt/mantisbt/pull/1007
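
The ordering problem described in the comment above, as an added PHP example that is not MantisBT's code or the code from the linked PR. `render_markdown()` and its `$code_filter` parameter are hypothetical stand-ins for a Markdown renderer that escapes code spans itself, and the sample input is constructed.

```php
<?php
// Added illustration, not MantisBT code. render_markdown() is a hypothetical
// stand-in for a Markdown renderer that HTML-escapes code spans itself.

function escape_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Handles only `inline code`. $code_filter (assumption) lets the caller
// adjust the code text before the renderer escapes it.
function render_markdown(string $text, ?callable $code_filter = null): string {
    return preg_replace_callback('/`([^`]+)`/', function (array $m) use ($code_filter): string {
        $code = $code_filter ? $code_filter($m[1]) : $m[1];
        return '<code>' . escape_html($code) . '</code>';
    }, $text);
}

// Reported behaviour: the whole text is escaped first, then the renderer
// escapes code again, so " becomes &amp;quot; and displays as &quot;.
function render_double_escaped(string $raw): string {
    return render_markdown(escape_html($raw));
}

// Approach described in the thread: undo the first escape inside code only,
// leaving the renderer's own escape as the single one applied there.
function render_fixed(string $raw): string {
    return render_markdown(escape_html($raw), function (string $code): string {
        return htmlspecialchars_decode($code, ENT_QUOTES | ENT_HTML5);
    });
}

// "Text Processing" off: code is fine, but markup outside code is emitted
// unescaped, which is the XSS exposure the reporter mentions.
function render_unescaped(string $raw): string {
    return render_markdown($raw);
}

// Constructed sample input.
$raw = 'He said "hi" <script>alert(1)</script> then ran `echo "a" && b`';

$pipelines = ['double-escaped' => 'render_double_escaped',
              'fixed' => 'render_fixed',
              'unescaped' => 'render_unescaped'];
foreach ($pipelines as $label => $fn) {
    echo str_pad($label, 16), $fn($raw), PHP_EOL;
}
```

Only the `fixed` pipeline escapes every character exactly once, both inside and outside the code span.
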

ajtruckle

2017-03-03 05:41

reporter   ~0055890

@joel Which version of the MantisBT download do I use that has this fix?

atrol

2017-03-03 05:46

developer   ~0055891

@ajtruckle this is an open PR, so there is no version you can download at the moment.

Starbuck

2020-09-04 13:47

reporter   ~0064359

Recent activity: https://github.com/mantisbt/mantisbt/pull/1332

batman magumbo

2021-11-09 08:29

reporter   ~0065999

This is still an issue on brand new installations of Mantis as of November 2021.

There's a plugin called Imatic Mantis Formatting that's supposed to fix the issue, but it's meant to replace the native Mantis formatting plugin, and it requires PHP 7.4 and Composer.

I was running PHP 7.1 so I wrote a simpler plugin that just runs alongside the native one and patches the problem.

Here: OT Mantis Markdown Fixer. Hope that helps someone.