Skip to content

Matching attachments we support with what github supports

Max Fan requested to merge github-markdown-attachment-parity into master

What does this MR do and why?

This restricts possible attachments we import from GitHub. Currently, the attachment link is hidden behind GitHub's redirect link (Eg. https://github.com/MaxPIsa/testrepo/assets/142635249/625a76d0-d9e4-4f36-a5e2-e9563d498296). And only by accessing this link, will we know the file attachment extension of the image.

There's no security concern right now as everything GitHub supports we already support: https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files

Screenshots or screen recordings

The URLs of attachments that are not supported are not changed. In the screenshot, the https://github.com/MaxPIsa/publicImagesRepo/assets/142635249/5ff826ef-1ddd-4c43-a3e2-94414b42fc00 url links to an attachment that's not supported.

Before After
image.png image.png

How to set up and validate locally

  1. Create an image attachment on GitHub's issue or Pull Request
  2. Manually change gitlab/lib/gitlab/github_import/attachments_downloader#MEDIA_TYPE_EXTENSIONS and remove one eg (.jpg)
  3. Import to Gitlab using https://docs.gitlab.com/ee/user/project/import/github.html
    1. Ensure copy markdown file checkbox is enabled
  4. When importing, the image with the extension you removed in step 2 only has its url in the markdown. It doesn't upload the file to gitlab nor does it edit the url link

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Max Fan

Merge request reports

Loading