View Issue Details

IDProjectCategoryView StatusLast Update
0022456mantisbtmarkdownpublic2017-03-05 08:21
Reporterajtruckle Assigned To 
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status newResolutionopen 
Product Version2.1.0 
Summary0022456: Adding images from external sites using markdown
Description

I am trying to display an image:

The Image

Won't work.

TagsNo tags attached.

Activities

atrol

atrol

2017-03-03 04:51

developer   ~0055882

Is 0022177 what you are asking for?

ajtruckle

ajtruckle

2017-03-03 05:04

reporter   ~0055883

Not really. If I upload the same image to my own website and use that URL the image will display.

Test 2

atrol

atrol

2017-03-03 05:07

developer   ~0055885

The provided information is not sufficient to provide any help. A complete and detailed description is required for the support team to get a clear understanding of the problem.

Please explain with detailed, step-by-step instructions what you do, what are the results you expect to get and what you actually get.

ajtruckle

ajtruckle

2017-03-03 05:12

reporter   ~0055886

For starters I don't understand why that second post is now showing the image on my server. My MantisBT does.

Can't you edit my posts? If you do that you will see my markdown I have used and the links. They are simple inline links to show an image.

ajtruckle

ajtruckle

2017-03-03 05:15

reporter   ~0055887

Look at the email log as that shows my raw markdown.

atrol

atrol

2017-03-03 05:31

developer   ~0055888

We don't allow embedding images from external URL's at the moment.
Check the console of your web browser. I expect you will see some "Content Security Policy" violations.

ajtruckle

ajtruckle

2017-03-03 05:38

reporter   ~0055889

Ah, so it is working for me with my images because they are on the same domain as my issue tracker. OK.

TomR

TomR

2017-03-03 05:52

reporter   ~0055892

I guess this is caused by CSP? I am struggling also with this ;-)
It would be nice when MantisBT is implememting such features to explain a little what it is and what possible consequences are.

This f.i. also applies to removing jQuery-UI ( in 2.1.0 and onwards )on which a lot of plugins are build.
This does not encourage to upgrade. If stuff 'works' in an older version and not in newer versions.

Maybe @atrol knows of a document which explains how to change plugins to be compatible again with latest MantisBT.

atrol

atrol

2017-03-05 08:18

developer   ~0055906

guess this is caused by CSP?

Right, see 0022456:0055888

Maybe @atrol knows of a document which explains how to change plugins to be compatible again with latest MantisBT.

I am not aware there is such a document, there is also no documentation when starting from 1.2, see 0016900
I recommend to look at https://github.com/mantisbt-plugins
There are some plugins which are compatible with 2.x where you can learn from.

Concerning how to deal with CSP for images, have a look at MantisBT's internal Gravatar plugin for a solution
https://github.com/mantisbt/mantisbt/blob/release-2.2.0/plugins/Gravatar/Gravatar.php#L118

atrol

atrol

2017-03-05 08:21

developer   ~0055907

I set severity to feature.

We would need some kind of white list for allowed URLs.