Invalid Markdown footnote can cause a 500 error (!75054) · Merge requests · GitLab.org / GitLab

Brett Walker requested to merge 346297-actionview-template-error-cannot-add-sibling-to-a-node-with-no-parent into master Nov 22, 2021

What does this MR do and why?

An invalid or specially crafted markdown footnote could cause a 500 error, as shown in #346297 (closed)

An example:

1. [one](#fnref-1)

will cause a 500 error.

Our code was detecting a footnote when there wasn't one. This lead to trying to access a DOM node that doesn't exist.

What we're doing now is whitelisting the <section data-footnotes>, which markdown adds. We usually strip it out, and then have to re-detect the footnote and add it back in. Now it's whitelisted, we can much better detect the footnote section and operate on it.

How to set up and validate locally

Enable the feature flag use_cmark_renderer: Feature.enable(:use_cmark_renderer)
Add 1. [one](#fnref-1) to a comment or issue description to see the error.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #346297 (closed)

Edited Dec 01, 2021 by Brett Walker

Invalid Markdown footnote can cause a 500 error

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports