Re: -Tmarkdown: don't wrap mailtos in <>

tech@mandoc.bsd.lv
 help / color / mirror / Atom feed

From: "Anthony J. Bentley" <anthony@anjbe.name>
To: Ingo Schwarze <schwarze@usta.de>
Cc: tech@mdocml.bsd.lv
Subject: Re: -Tmarkdown: don't wrap mailtos in <>
Date: Thu, 09 Mar 2017 00:27:00 -0700	[thread overview]
Message-ID: <48572.1489044420@cathet.us> (raw)
In-Reply-To: <20170309023235.GA76398@athene.usta.de>

Hi Ingo,

Ingo Schwarze writes:
> Your diff is very wrong and completely breaks .Mt hyperlinking.

Indeed, you're right. In my defense, there are a couple of reasonable(?)
factors that led to my misunderstanding here:

 - Markdown parsers I've encountered (and GitHub in particular) do
   hyperlink email addresses automatically without <>; I neglected to
   check the spec, as it never occurred to me that Markdown parsers
   might exist that don't do this. Mea culpa.

 - The regression test output mdoc/Aq/author.out_markdown gets
   misinterpreted in Markdown parsers, including try.commonmark.org,
   as <addr> gets passed through as an HTML tag.

 - The regression test mdoc/Mt/simple.in behaves differently between
   output formats: in -Thtml, "Mt ." is hyperlinked, and in -Tmarkdown,
   it is not, at least in CommonMark and GitHub.

The second point seems particularly problematic: any Mt whose argument
doesn't contain '@' seems to be passed through common Markdown parsers
as an HTML tag. Like, say,

.Aq Mt pre

or

.Aq Mt "link rel=stylesheet href=https://example.com/malicious.css"

Is this something we should be worried about? Are there other macros a
crafty manual could use to inject arbitrary HTML into Markdown output?

-- 
Anthony J. Bentley
--
 To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv

next prev parent reply	other threads:[~2017-03-09  7:27 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-09  1:47 Anthony J. Bentley
2017-03-09  2:32 ` Ingo Schwarze
2017-03-09  7:27   ` Anthony J. Bentley [this message]
2017-03-09 16:39     ` Ingo Schwarze

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48572.1489044420@cathet.us \
    --to=anthony@anjbe.name \
    --cc=schwarze@usta.de \
    --cc=tech@mdocml.bsd.lv \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).