Sanitize project page description HTML (esp. links/images URLs)

Created on 30 August 2022, over 2 years ago
Updated 13 October 2023, about 1 year ago

Problem/Motivation

There are some modules that contain HTTP:// links in their description page.

Some browsers and antivirus software don’t allow these kinds of links to open.

Steps to reproduce

The hyperlink to A DEMO is an http:// link in the ICME module.

Proposed resolution

Remaining tasks

  • ✅ File an issue about this project
  • ☐ Manual Testing
  • ☐ Code Review
  • ☐ Accessibility Review
  • ☐ Automated tests needed/written?

Feature request
Status

Closed: won't fix

Version

1.0

Component

Code

Created by


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇺🇸United States chrisfromredfin Portland, Maine

    FYI these links are coming from the project descriptions themselves. We don't have any kind of sanitization of those links, but perhaps we could/should scan for links that may or may not work. For example, if we're getting a relative link from Drupal.org we may need to scan and sanitize to an absolute URL with https... ? Definitely a feature request for post-MVP.

  • Status changed to Closed: won't fix over 1 year ago
  • 🇺🇸United States drumm NY, US

    Please do not implement overly-specific sanitization on the client side.

    Drupal.org will already not allow images that are not hosted on Drupal.org, so all images will be https and not be used 3rd-party for tracking.

    For links, http links are non-ideal, but perfectly fine. Some sites even in 2023 don't have https set up. If we were ever to restrict using those links, that filtering would belong on Drupal.org, not the client.

  • 🇺🇸United States chrisfromredfin Portland, Maine