Fancy preview destroys links containing ampersands


(B.J. Herbison) #1

When I put a link in a previous topic it was converted into a preview, but the link, when clicked in the preview, is broken. An ampersand is incorrectly converted.

The conversation: https://discourse.mozilla-community.org/t/who-has-the-records-for-the-mozilla-firefox-50-million-downloads-tokens/16521

The link: http://www.britishmuseum.org/research/collection_online/collection_object_details.aspx?objectId=1612368&partId=1

The link split: http:// www.britishmuseum.org/research/collection_online/collection_object_details.aspx?objectId=1612368&partId=1

(Edit: Apparently Meta Help uses a different form of Preview from Mozillians.)


(Leo McArdle) #2

The problem comes when you place a link on its own line, like so, and it becomes a ‘onebox’:

http://www.britishmuseum.org/research/collection_online/collection_object_details.aspx?objectId=1612368&partId=1

If it’s on a line with other things, it’s fine: http://www.britishmuseum.org/research/collection_online/collection_object_details.aspx?objectId=1612368&partId=1

This is a known bug upstream, but it seems there’s some reluctance to fix it for possible security implications:

https://meta.discourse.org/t/onebox-incorrectly-encodes-urls/61542?u=leomca


(B.J. Herbison) #3

Thanks for the link.

The “security” answer is backwards. The current code sends the user somewhere unintended, which means the current code is a potential security flaw.

Encoding/handling URLs correctly isn’t a security issue.
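
Added example, not part of the thread and not Discourse code: the posts do not say how the ampersand is converted, so this sketch assumes one common cause, HTML-escaping the URL twice before it is written into the `href`. It shows a regression check that the rendered link still resolves to the destination that was typed; all function names are hypothetical.

```javascript
// Constructed helpers for illustration; none of this is Discourse's own code.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DEC = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };

// Escape text for use inside an HTML attribute value.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => ESC[c]);
}

// What an HTML parser does to an attribute value: decode entities exactly once.
function decodeAttrOnce(s) {
  return s.replace(/&(amp|lt|gt|quot|#39);/g, (m, name) => DEC[name]);
}

// Correct rendering: escape once, at the point of output.
function renderLink(url) {
  return `<a href="${escapeAttr(url)}">${escapeAttr(url)}</a>`;
}

// Assumed bug: the URL was already escaped upstream and is escaped again here.
function renderLinkDoubleEscaped(url) {
  return renderLink(escapeAttr(url));
}

// The URL a browser will actually follow from the rendered anchor.
function hrefTarget(html) {
  const m = /href="([^"]*)"/.exec(html);
  return decodeAttrOnce(m[1]);
}

// Regression check: same origin, path and query parameters as the typed URL.
function sameDestination(typed, html) {
  const a = new URL(typed);
  const b = new URL(hrefTarget(html));
  return a.origin === b.origin && a.pathname === b.pathname &&
    JSON.stringify([...a.searchParams]) === JSON.stringify([...b.searchParams]);
}

// The link from the first post.
const typed = 'http://www.britishmuseum.org/research/collection_online/' +
  'collection_object_details.aspx?objectId=1612368&partId=1';

console.log(sameDestination(typed, renderLink(typed)));
console.log(sameDestination(typed, renderLinkDoubleEscaped(typed)));
console.log([...new URL(hrefTarget(renderLinkDoubleEscaped(typed))).searchParams]);
```

Under the double-escape assumption the server receives a parameter named `amp;partId` instead of `partId`, so the request no longer matches what the user typed. Escaping exactly once keeps the attribute safe and the destination intact.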