Closed Bug 1268510 Opened 8 years ago Closed 8 years ago

links in templates that should not be clickable are normal links in kb articles using the template

Categories

(support.mozilla.org :: Knowledge Base Software, task)

Product:
support.mozilla.org
Component:
Knowledge Base Software
Platform:
All
Linux
Type:
task
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 939210

People

(Reporter: dontarius, Unassigned)

References

(
URL
)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 2016031600

Steps to reproduce:

The page:

https://support.mozilla.org/en-US/kb/install-flash-plugin-view-videos-animations-games

contains a link to:

http://libflashplayer[CAREFUL!].so/

When I clicked on this link previously, it attempted to install malware.


Actual results:

malware


Expected results:

no malware
URL: https://support.mozilla.org/en-US/kb/...
Severity: normal → critical
OS: Unspecified → All
Hardware: Unspecified → All
P.S.:  This is particularly troublesome since unsuspecting users may assume that the site contains the file needed in order to get flash player to work.
The part of the article linking to this website is a template: https://support.mozilla.org/en-US/kb/templateupdateflash. The link should not be clickable and it should not be a link, but a filename. Links that are not clickable in templates (e.g. mozilla<!---->.org) seem to be links in kb articles where the template is used.
Mike, do you think, there's an easy fix for that or should we add a space instead of the <!----> for the moment, to prevent it getting a malware link?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(mcooper)
Summary: support.mozilla.org contains link to site installing malware → links in templates that should not be clickable are normal links in kb articles using the template
OS: All → Linux
Component: Knowledge Base Content → Knowledge Base Software
This looks to be a duplicate of Bug 939210 - You can't unlinkify something in a template
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
I don't work on Kitsune anymore.
Flags: needinfo?(mcooper) → needinfo?(giorgos)
Giorgos: This is probably an issue in how templates are included, which happens in wiki/parser.py [0]. I think the document has been edited, so I can't see what was causing this. I'd imagine that the parser is parsing templates twice, so comments get stripped out and things that weren't links in the template become links in the rendered version.

[0]: https://github.com/mozilla/kitsune/blob/7ad041a900f16e8149b32957e45f295140636a7a/kitsune/wiki/parser.py#L402-L439
Thanks for the info Mike.

(In reply to Tim [:pollti] from comment #2)
> Mike, do you think, there's an easy fix for that or should we add a space
> instead of the <!----> for the moment, to prevent it getting a malware link?

Given the current team status I suggest that we add a space and fix this properly in the future. Please update here when you add the space and leave this bug open to track the fix Thanks!
Flags: needinfo?(giorgos)
Per bug 939210 comment 9, <b></b> was included by Tim for the template involved, which appears to work. I suggest using that (or probably other markup such as <s></s>, but consistency would be nice) instead of spaces.
You need to log in before you can comment on or make changes to this bug.