From c5b0535a3f33895069dfb1bde01ebdd402d72397 Mon Sep 17 00:00:00 2001 From: Jiang Bohan Date: Tue, 31 Mar 2026 15:52:03 +0800 Subject: [PATCH] fix(markdown): allow mention:// protocol through URL sanitization react-markdown v10's defaultUrlTransform strips URLs with non-standard protocols (only http/https/irc/mailto/xmpp allowed). This caused mention://issue/ links to have empty hrefs, breaking click navigation to issue detail pages. --- apps/web/components/markdown/Markdown.tsx | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/apps/web/components/markdown/Markdown.tsx b/apps/web/components/markdown/Markdown.tsx index 77f5710b..c10fccb3 100644 --- a/apps/web/components/markdown/Markdown.tsx +++ b/apps/web/components/markdown/Markdown.tsx @@ -1,6 +1,6 @@ import * as React from 'react' import Link from 'next/link' -import ReactMarkdown, { type Components } from 'react-markdown' +import ReactMarkdown, { type Components, defaultUrlTransform } from 'react-markdown' import rehypeRaw from 'rehype-raw' import remarkGfm from 'remark-gfm' import { cn } from '@/lib/utils' @@ -44,6 +44,15 @@ export interface MarkdownProps { onFileClick?: (path: string) => void } +/** + * Custom URL transform that allows mention:// protocol (used for @mentions) + * while keeping the default security for all other URLs. + */ +function urlTransform(url: string): string { + if (url.startsWith('mention://')) return url + return defaultUrlTransform(url) +} + // File path detection regex - matches paths starting with /, ~/, or ./ const FILE_PATH_REGEX = /^(?:\/|~\/|\.\/)[\w\-./@]+\.(?:ts|tsx|js|jsx|mjs|cjs|md|json|yaml|yml|py|go|rs|css|scss|less|html|htm|txt|log|sh|bash|zsh|swift|kt|java|c|cpp|h|hpp|rb|php|xml|toml|ini|cfg|conf|env|sql|graphql|vue|svelte|astro|prisma)$/i @@ -298,6 +307,7 @@ export function Markdown({ {processedContent}