Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Addon summary automatically adds link html markup to text #15369

Open
1 task done
axlwaii opened this issue Feb 18, 2025 · 4 comments · May be fixed by mozilla/addons-server#23119
Open
1 task done

[Bug]: Addon summary automatically adds link html markup to text #15369

axlwaii opened this issue Feb 18, 2025 · 4 comments · May be fixed by mozilla/addons-server#23119
Assignees
@diox
Milestone
2025.03.06

Comments

@axlwaii
Copy link

axlwaii commented Feb 18, 2025
edited by data-sync-user
Loading

What happened?

Addon Pages automatically adds link markup for text that matches link patterns. The links go to `prod.outgoing.prod.webservices.mozgcp.net', but they are not clickable or functional.

e.g.

What did you expect to happen?

Links are either ...

  • clickable and no HTML markup is visible
  • or markup is removed if not intentionally added

Is there an existing issue for this?

  • I have searched the existing issues

┆Issue is synchronized with this Jira Task
@diox
Copy link
Member

diox commented Feb 25, 2025

We started preventing links in summaries and eventually decided to be more aggressive against them, to avoid spam/malicious links (#15254)

Those add-ons already had links in summaries and should be cleaned up. We need to run some numbers to see if it makes sense to automate that or simply ask developers to fix the text themselves.

@Rob--W
Copy link
Member

Rob--W commented Feb 25, 2025

Anecdotally of course, but two of my add-ons are affected by this. These are auto-generated, which makes it feasible to parse/replace automatically.

https://addons.mozilla.org/en-US/firefox/addon/crxviewer/

View source code of Firefox add-ons and Chrome extensions (crx/nex/xpi) from <a href="http://addons.mozilla.org" rel="nofollow">addons.mozilla.org</a>, the Chrome Webstore and elsewhere, with CRX Viewer (crxviewer).

https://addons.mozilla.org/en-US/firefox/addon/dont-slack-redir/

An efficient way to prevent Slack from replacing links with <a href="https://prod.outgoing.prod.webservices.mozgcp.net/v1/b722ca95d5c185ef754582cdedd5c7e09925155cee456b493441c6b5592ad915/http%3A//slack-redir.net" rel="nofollow">slack-redir.net</a>, while still protecting privacy (against referrer leakage).

@diox
Copy link
Member

diox commented Feb 25, 2025
edited
Loading

There is a significant number of add-ons impacted: 4.3k publicly listed extensions (and a lot more themes).

@diox
Copy link
Member

diox commented Feb 25, 2025

I think we should copy localized_string to localized_string_clean for affected summaries. This would leave the link if it was added before we started preventing their addition, but without the HTMLification, so it would simply render as plain text.

@diox diox added this to the 2025.03.06 milestone Feb 26, 2025
@diox diox linked a pull request Feb 26, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@diox diox

Labels
None yet
Projects
None yet
Milestone
2025.03.06
Development

Successfully merging a pull request may close this issue.

Add task to remove HTML from public add-on summaries diox/olympia
4 participants
@diox @axlwaii @Rob--W @data-sync-user