| Ticket UUID: | deec415df4b6217da52b8d5b62f5f2a2fa9d9328 | |||
| Title: | Links are surrounded by < > when inlined as code snippets | |||
| Status: | Closed | Type: | Bug | |
| Severity: | Minor | Priority: | Low | |
| Subsystem: | Slack | Resolution: | Works_As_Designed | |
| Last Modified: | 2019-09-03 19:16:53 | |||
| Version Found In: | ||||
|
feld — 2019-09-03 17:15:49 This happens when using Ripcord for Slack: e.g.:
Instead it displays like this in Ripcord, including when you copy the message for pasting elsewhere:
| ||||
|
cancel — 2019-09-03 19:16:53 This is an inconsistency in Slack, not Ripcord. Slack's service and client do not behave consistently with URLs inside of code spans and code blocks. Sometimes the links will be clickable when they shouldn't, and it's possible for unsafe/unfiltered URLs to be passed through the server within code blocks without safety checks being performed by the server. This is a security attack vector and it has been a problem for Slack in the past. In reality, these links in code spans/blocks should never be clickable. It's a flaw in Slack that they are clickable. Ripcord's parser is more accurate and strict than the parser in Slack's web client, and it does not allow these links to be clickable (with a special exception for bots which commonly abuse this, like GitHub's, in order to create links with monospace fonts.) If Slack ever makes clickable URLs in code spans behave in a consistent way, and their server always properly checks the links, then I could consider adding a feature in Ripcord to explicitly allow it. Until and unless that happens, Ripcord will not make URLs in code spans and code blocks clickable. | ||||