Skip to content

fix(markdown): Ensure abbr: links render correctly in react-markdown v9+ #20648

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
crazywoola merged 3 commits into from
Jun 4, 2025
Merged

fix(markdown): Ensure abbr: links render correctly in react-markdown v9+ #20648

crazywoola merged 3 commits into from
Jun 4, 2025

Conversation

@xuzijie1995
Copy link
Contributor

@xuzijie1995 xuzijie1995 commented Jun 4, 2025
edited
Loading

Fixes #16243

Summary

In the early Dify version 0.15.3 (using react-markdown: "^8.0.6"), custom URL schemes like next advice and advice rendered as interactive links as intended. However, when later Dify versions upgraded to React-Markdown v9+, stricter default URL filtering (a security improvement) inadvertently removed support for schemes like abbr:. Consequently, these links no longer render interactively, impacting user experience.

This commit introduces a customUrlTransform function, now strategically located in web/app/components/base/markdown/markdown-utils.ts for better code organization. This function is passed to the ReactMarkdown component's urlTransform prop.

The customUrlTransform function ensures that:

  • The custom 'abbr:' protocol is explicitly allowed, restoring its functionality.
  • Standard safe web protocols (http, https, mailto, xmpp, irc, ircs) continue to be permitted.
  • Page-local fragments (#), protocol-relative URLs (//), and all purely relative paths are correctly handled and allowed.
  • Other potentially unsafe or unsupported URL schemes are disallowed by returning undefined, prompting react-markdown to remove the link or href attribute.

This change restores the intended functionality for 'abbr:' links, allowing users to interact with them as designed, while maintaining robust URL handling and security for the Markdown rendering component. The solution is self-contained and does not rely on external dummy URLs for parsing, making it suitable for self-hosted deployments.

Screenshots

iShot_2025-06-04_18.07.46.mp4

Checklist

  • This change requires a documentation update, included: Dify Document
  • I understand that this PR may be closed in case there was no previous discussion or issues. (This doesn't apply to typos!)
  • I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change. (自测已覆盖多种URL场景)
  • [] I've updated the documentation accordingly. (如果此更改不直接影响用户文档,则此项可能不适用,或指内部开发者文档)
  • [] I ran dev/reformat(backend) and cd web && npx lint-staged(frontend) to appease the lint gods

@xuzijie1995
fix(markdown): Ensure abbr: links render correctly in react-markdown v9+
f78a4c8 
React-markdown v9 and later versions enforce stricter default URL filtering, which inadvertently removed support for custom URL schemes like 'abbr:'.

This commit introduces a `customUrlTransform` function, now located in `markdown-utils.ts`. This function is passed to the `ReactMarkdown` component to:
- Explicitly allow the 'abbr:' protocol.
- Permit standard safe web protocols (http, https, mailto, xmpp, irc, ircs).
- Allow page-local fragments (#), protocol-relative URLs (//), and all purely relative paths.
- Disallow other potentially unsafe or unsupported URL schemes.

This restores the intended functionality for 'abbr:' links while maintaining robust URL handling and security for the Markdown component.
@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. ☕️ typescript labels Jun 4, 2025
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Jun 4, 2025
@crazywoola crazywoola merged commit 4f06645 into langgenius:main Jun 4, 2025
5 checks passed
@laipz8200 laipz8200 mentioned this pull request Jun 11, 2025
Merged
jsincorporated pushed a commit to jsincorporated/asaAi that referenced this pull request Jul 8, 2025
@xuzijie1995 @jsincorporated
fix(markdown): Ensure abbr: links render correctly in react-markdown …
74e7498 
…v9+ (langgenius#20648)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crazywoola crazywoola crazywoola approved these changes

Assignees

No one assigned

Labels

lgtm This PR has been approved by a maintainer size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Reply button Link (abbr) is broken

2 participants

@xuzijie1995 @crazywoola