Skip to content

Add tel: as href support #904

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ValeryVerkhoturov wants to merge 2 commits into from
Closed

Add tel: as href support #904

ValeryVerkhoturov wants to merge 2 commits into from
+8 −1

Conversation

@ValeryVerkhoturov
Copy link

@ValeryVerkhoturov ValeryVerkhoturov commented Apr 7, 2025

Initial checklist

  • I read the support docs
  • I read the contributing guide
  • I agree to follow the code of conduct
  • I searched issues and discussions and couldn’t find anything or linked relevant results below
  • I made sure the docs are up to date
  • I included tests (or that’s not needed)

Description of changes

Add support tel as href:

<Markdown children="[](tel:+12345678910)" />

@github-actions github-actions bot added 👋 phase/new Post is being triaged automatically 🤞 phase/open Post is being triaged manually and removed 👋 phase/new Post is being triaged automatically labels Apr 7, 2025
@codecov
Copy link

codecov bot commented Apr 7, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (2245c64) to head (89ab21e).
Report is 46 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##              main      #904    +/-   ##
==========================================
  Coverage   100.00%   100.00%            
==========================================
  Files            3         3            
  Lines         1354      1746   +392     
  Branches       113       124    +11     
==========================================
+ Hits          1354      1746   +392

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

JounQin
JounQin requested changes Apr 7, 2025
View reviewed changes
@JounQin
Update lib/index.js
89ab21e 
Signed-off-by: JounQin <[email protected]>
@ChristianMurphy
Copy link
Member

ChristianMurphy commented Apr 7, 2025

Tel is intentionally not supported #865, #829, and #655 (comment), but can be added through an option

@JounQin
Copy link
Member

JounQin commented Apr 7, 2025
edited
Loading

https://spec.commonmark.org/0.22/#scheme

@ChristianMurphy It seems there are a lot of protocols supported in commonmark spec.

Oh, sorry, the latest version is https://spec.commonmark.org/0.31.2/#scheme

@ChristianMurphy
Copy link
Member

ChristianMurphy commented Apr 7, 2025

There are a lot that are parsed, but they are intentionally filtered out to make renders safe, for example GFM e.g. <tel:+12345678910> renders as tel:+12345678910

@JounQin
Copy link
Member

JounQin commented Apr 7, 2025

@ChristianMurphy Thanks for clarification, just found the related commit 08ead9e

But it lacks explanation why it's removed and considered as unsafe, and why gfm is considered.

@wooorm
Copy link
Member

wooorm commented Apr 7, 2025

The default is what GH does (not particularly GFM, that’s only a part of everything that GH does). GH has a small allow list. That small list is safe. We follow GH in many cases.

You can configure things: see the readme: pass a urlTransform option!

@wooorm wooorm closed this Apr 7, 2025
@github-actions

This comment was marked as resolved.

Sign in to view
@wooorm wooorm added the 🙅 no/wontfix This is not (enough of) an issue for this project label Apr 7, 2025
@github-actions

This comment was marked as resolved.

Sign in to view
@github-actions github-actions bot added 👎 phase/no Post cannot or will not be acted on and removed 🤞 phase/open Post is being triaged manually labels Apr 7, 2025
@JounQin
Copy link
Member

JounQin commented Apr 7, 2025
edited
Loading

The default is what GH does (not particularly GFM, that’s only a part of everything that GH does). GH has a small allow list. That small list is safe. We follow GH in many cases.

You can configure things: see the readme: pass a urlTransform option!

@wooorm Maybe it's worth to mention that we follow GitHub's behavior as default at https://github.com/remarkjs/react-markdown#security

wooorm added a commit that referenced this pull request Apr 9, 2025
@wooorm
Add docs on internals of defaultUrlTransform
8545ebd 
Related-to GH-904.
@wooorm
Copy link
Member

wooorm commented Apr 9, 2025

Thanks for the suggestion. I added a paragraph on the internal workings of defaultUrlTransform. I think it fits better there!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JounQin JounQin JounQin requested changes

Assignees

No one assigned

Labels

🙅 no/wontfix This is not (enough of) an issue for this project 👎 phase/no Post cannot or will not be acted on

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ValeryVerkhoturov @ChristianMurphy @JounQin @wooorm