Closed Bug 507320 Opened 13 years ago Closed 13 years ago

Support clickable links in comments, reviews, descriptions etc.

Categories

(addons.mozilla.org Graveyard :: Collections, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 425508

People

(Reporter: wis.master, Assigned: fligtar)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1

It would be great if the link is clickable in comments or collector descriptions.

Reproducible: Always
Morlan,

Could you elaborate a little, please? Do you mean on the addons.mozilla.org site, or somewhere in the Collector add-on?
Assignee: nobody → brian
Think twice, I think it's nice to be on both. In other words make links clickable whether I see the links in the Add-On Collector interface or on addons.mozilla.org.

I always wonder why all links have to be in text form unless there are some security risks concerned. But I don't see how this would be dangerous though.
I suspect urls not being linked is because it would be open to abuse and spam link placement.

Suspect WONTFIX -> Justin.
Assignee: brian → fligtar
Would like linkification in add-on descriptions and developer comments first. ;) Ditto on the WONTFIX suspicion, though I do like the idea.
OS: Windows XP → All
Hardware: x86 → All
Summary: Add-On Collector: Support clickable links in comments or description → Support clickable links in comments or description
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 343573
This is not a duplicate. This bug only asks the system to linkify text links. Yours is to request support of limited use of HTML. I see messages concerning XSS when supporting limited HTML. I doubt it would be implemented any time soon.

My suggestion is safe from XSS exploits. We only scan for text links and convert them into clickable links. No way a malicious user can trigger XSS attacks here.

Regarding spam, I rarely see any spam reviews even though we don't have any CAPTCHA system in place. I think you have done a good job here, haven't you? You have put some anti-spam techniques in the forms already, haven't you? For example, an invisible/hidden field to catch spambots.

There is an effective way to nullify spammers' efforts if you are concerned about it. Add "nofollow" tags to the links in reviews or comments. "Nofollow" links don't give any search ranking bonus to the spammer, nullifying their desire to spam there.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Summary: Support clickable links in comments or description → Support clickable links in comments, reviews, descriptions etc.
The problem of linking to random .xpi files somewhere on the Internet remains, which is exactly why at its core, this is a duplicate of bug 343573, albeit more narrow in scope than that bug.

Duping to a closer relative though.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 425508
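
The two points raised so far (linkifying bare text URLs without opening an XSS hole, and the concern about one-click links to .xpi files) can be shown in one sketch. This is an added example, not code from addons.mozilla.org or from any commenter; the function names, the `block_xpi` policy switch and the sample strings are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Only http(s) is ever matched, so javascript:, data: etc. stay inert text.
# Quotes and angle brackets terminate a match, so a URL cannot carry markup.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
TRAILING = ".,;:!?)]}"   # punctuation that usually ends a sentence, not a URL

# Constructed sample input, not taken from a real review.
SAMPLE = 'Docs: https://example.org/a?x=1&y=2. <b>hi</b> http://example.net/addon.xpi'


def linkify(text, block_xpi=True):
    """Return HTML for untrusted plain text with bare http(s) URLs made clickable."""
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(TRAILING)
        out.append(html.escape(text[pos:m.start()]))  # escape all non-link text
        out.append(_render(url, block_xpi))
        pos = m.start() + len(url)
    out.append(html.escape(text[pos:]))
    return "".join(out)


def _render(url, block_xpi):
    shown = html.escape(url)      # safe both as link text and as attribute value
    try:
        parts = urlsplit(url)
    except ValueError:            # malformed authority, e.g. "http://["
        return shown
    if not parts.hostname:
        return shown
    if block_xpi and parts.path.lower().endswith(".xpi"):
        return shown              # assumed policy: installer links stay plain text
    return '<a href="%s" rel="nofollow">%s</a>' % (shown, shown)


if __name__ == "__main__":
    print(linkify(SAMPLE))
```

The escaping of everything outside the matched URL is what keeps the output safe; the link detection alone does not.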
(In reply to comment #7)
> The problem of linking to random .xpi files somewhere on the Internet remains,
> which is exactly why at its core, this is a duplicate of bug 343573, albeit
> more narrow in scope than that bug.
> 

We need to split the problem into several:
1. Links are not a problem in addon description as the author is trustworthy. It's rare they would spam here. So we should enable clickable links on this part as soon as possible.

2. The risk of posting random .xpi in a review doesn't actually decrease whether you allow clickable links or not. Malicious users can always post the bad xpi as a text link and lure people to visit. Paste and go is only a slight inconvenience which won't stop them from visiting anyway. Ask yourself. Assume you are convinced that he has posted a very attractive addon for you to try. Would you stop visiting it simply because the link isn't clickable?

3. I fail to see how preventing links from being clickable (don't forget people can still post links without them being clickable) helps much in resolving your above problem. We should rely on community monitoring to report a review posting malicious links. Wikipedia works so don't underestimate it. Also we do believe good people outnumber bad people, don't we?

4. I have used Firefox for years. I enjoy reading reviews and knowing what people think about the addon. I usually read several pages of reviews, if they exist. I have never encountered a case where a user posted a malicious xpi. In fact it's rare for people to post random xpi links in reviews.

5. Have you ever caught someone who posted malicious xpi links in reviews? We have already done a good job in keeping review section clean and free from spam.

6. There is always a risk involved for everything. You should do nothing and shut down your computer if you literally don't want to risk at all.

Summary: 
* There is literally no risk in allowing clickable links in addon descriptions. Don't you trust the addon developer in the first place?
* People have been able to post links in reviews for a long time. Making links clickable doesn't really signify this kind of problem.

Conclusion:
We are over-worried about things which pose a really low risk. We should support clickable links in comments, reviews and descriptions. At least support clickable links in addon descriptions if you don't buy any of the reasons above.
Product: addons.mozilla.org → addons.mozilla.org Graveyard