Discourse deliberately breaks FTP links, even ones manually made in HTML
-
Why?
-
best answer i have is discoursistency. but if you want to post this on meta.d you have my
axelike
-
URL protocols handlers have been source of security problems (I remember
telnet://
links launching arbitrary programs on OSX), so I understand why Discourse has a whitelist of allowed ones.
FTP could probably be whitelisted, though. Even though it’s TRWTF. :p
-
URL protocols handlers have been source of security problems (I remember telnet:// links launching arbitrary programs on OSX), so I understand why Discourse has a whitelist of allowed ones.FTP could probably be whitelisted, though. Even though it’s TRWTF.
But why does it look like a link?
-
Who still uses FTP in a browser? I bet I have not done that for close to 10 years.
-
-
But why does it look like a link?
The Discourse HTML sanitizer tends to REMOVE ALL THE THINGS it doesn’t like, so
<a href="ftp://something">
(either typed directly, or from the Markdown parser) is sanitized to<a href="">
which gets sanitized to<a>
.<a>
alone is deemed acceptable, so it stays as it is.
-
The Discourse HTML sanitizer tends to REMOVE ALL THE THINGS it doesn’t like, so
<a href="ftp://something">
(either typed directly, or from the Markdown parser) is sanitized to<a href="">
which gets sanitized to<a>
.<a>
alone is deemed acceptable, so it stays as it is.Was kinda intended as a rhetorical question, but we'll go with that
Kinda hillarious that it eats markup generated by a prior generator... Yay discourse!
-
We should probably be thankful it doesn't 'sanitize' every link down to a raw
<a>
element. Then again, I hear that's an upcoming feature in the latest beta...