From 5e07a7241392a82586054613896e4da73069bcbb Mon Sep 17 00:00:00 2001
From: Go MAEDA <maeda@farend.jp>
Date: Mon, 18 Sep 2023 05:07:22 +0000
Subject: [PATCH] Adapt markdown autolink behavior to that of common_mark
 (#38806).

Patch by Holger Just.


git-svn-id: https://svn.redmine.org/redmine/trunk@22298 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 .../wiki_formatting/markdown/formatter.rb     | 17 +++-
 .../markdown_formatter_test.rb                | 79 ++++++++++++++++++-
 2 files changed, 93 insertions(+), 3 deletions(-)

diff --git a/lib/redmine/wiki_formatting/markdown/formatter.rb b/lib/redmine/wiki_formatting/markdown/formatter.rb
index 906f8c8a7..ac600179e 100644
--- a/lib/redmine/wiki_formatting/markdown/formatter.rb
+++ b/lib/redmine/wiki_formatting/markdown/formatter.rb
@@ -26,11 +26,24 @@ module Redmine
         include ActionView::Helpers::TagHelper
         include Redmine::Helpers::URL
 
+        def autolink(link, link_type)
+          if link_type == :email
+            link("mailto:#{link}", nil, link) || CGI.escapeHTML(link)
+          else
+            content = link
+            # Pretty printing: if we get an email address as an actual URI, e.g.
+            # `mailto:foo@bar.com`, we don't want to print the `mailto:` prefix
+            content = link[7..-1] if link.start_with?('mailto:')
+
+            link(link, nil, content) || CGI.escapeHTML(link)
+          end
+        end
+
         def link(link, title, content)
-          return nil unless uri_with_safe_scheme?(link)
+          return nil unless uri_with_link_safe_scheme?(link)
 
           css = nil
-          unless link && link.starts_with?('/')
+          unless link&.starts_with?('/') || link&.starts_with?('mailto:')
             css = 'external'
           end
           content_tag('a', content.to_s.html_safe, :href => link, :title => title, :class => css)
diff --git a/test/unit/lib/redmine/wiki_formatting/markdown_formatter_test.rb b/test/unit/lib/redmine/wiki_formatting/markdown_formatter_test.rb
index 33bc8a269..7d24d30b9 100644
--- a/test/unit/lib/redmine/wiki_formatting/markdown_formatter_test.rb
+++ b/test/unit/lib/redmine/wiki_formatting/markdown_formatter_test.rb
@@ -261,11 +261,88 @@ class Redmine::WikiFormatting::MarkdownFormatterTest < ActionView::TestCase
 
   def test_should_support_underlined_text
     text = 'This _text_ should be underlined'
-    assert_equal '<p>This <u>text</u> should be underlined</p>', @formatter.new(text).to_html.strip
+    assert_equal '<p>This <u>text</u> should be underlined</p>', format(text)
+  end
+
+  def test_should_autolink_mails
+    input = "foo@example.org"
+    assert_equal %(<p><a href="mailto:foo@example.org">foo@example.org</a></p>), format(input)
+
+    # The redcloth autolinker parses "plain" mailto links a bit unfortunately.
+    # We do the best we can here...
+    input = "mailto:foo@example.org"
+    assert_equal %(<p>mailto:<a href="mailto:foo@example.org">foo@example.org</a></p>), format(input)
+  end
+
+  def test_should_fixup_mailto_links
+    input = "<mailto:foo@example.org>"
+    assert_equal %(<p><a href="mailto:foo@example.org">foo@example.org</a></p>), format(input)
+  end
+
+  def test_should_fixup_autolinked_user_references
+    text = "user:user@example.org"
+    assert_equal "<p>#{text}</p>", format(text)
+
+    text = "@user@example.org"
+    assert_equal "<p>#{text}</p>", format(text)
+  end
+
+  def test_should_fixup_autolinked_hires_files
+    text = "printscreen@2x.png"
+    assert_equal "<p>#{text}</p>", format(text).strip
+  end
+
+  def test_should_allow_links_with_safe_url_schemes
+    safe_schemes = %w(http https ftp)
+    link_safe_schemes = %w(ssh foo)
+
+    (safe_schemes + link_safe_schemes).each do |scheme|
+      input = "[#{scheme}](#{scheme}://example.com)"
+      expected = %(<p><a href="#{scheme}://example.com" class="external">#{scheme}</a></p>)
+
+      assert_equal expected, format(input)
+    end
+  end
+
+  def test_should_not_allow_links_with_unsafe_url_schemes
+    unsafe_schemes = %w(data javascript vbscript)
+
+    unsafe_schemes.each do |scheme|
+      input = "[#{scheme}](#{scheme}:something)"
+      assert_equal "<p>#{input}</p>", format(input)
+    end
+  end
+
+  def test_should_allow_autolinks_with_safe_url_schemes
+    safe_schemes = %w(http https ftp)
+    link_safe_schemes = %w(ssh foo)
+
+    (safe_schemes + link_safe_schemes).each do |scheme|
+      input = "#{scheme}://example.org"
+      expected = %(<p><a href="#{input}" class="external">#{input}</a></p>)
+
+      assert_equal expected, format(input) if safe_schemes.include?(scheme)
+      assert_equal expected, format("<#{input}>")
+    end
+  end
+
+  def test_should_not_autolink_unsafe_schemes
+    unsafe_schemes = %w(data javascript vbscript)
+
+    unsafe_schemes.each do |scheme|
+      link = "#{scheme}:something"
+
+      assert_equal "<p>#{link}</p>", format(link)
+      assert_equal "<p>#{link}</p>", format("<#{link}>")
+    end
   end
 
   private
 
+  def format(text)
+    @formatter.new(text).to_html.strip
+  end
+
   def assert_section_with_hash(expected, text, index)
     result = @formatter.new(text).get_section(index)