Whitelist attribute in GitLab Flavored Markdown

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

I want to verify my GitLab repository from Mastodon. Mastodon can verify ownership of any webpage by linking back to it with rel="me".

In order to do this, I need to put something like this in my project README: <a rel="me" href="https://mastodon.gamedev.place/@voadi">Mastodon</a>

When I use that code in my project README, the rel attribute is removed. I would like the rel attribute to be whitelisted.

Further details

This is a useful feature in general. When rel is used with an <a> tag, it usually describes a semantic relationship with the linked content. For example, <a rel="license" href="..."> indicates that the link leads to a license file.

You can see the full list of link types.

Proposal

Whitelist the rel attribute for <a> tags when rendering markdown files.

GitLab does add nofollow noreferrer noopener to all links in project markdown files, which is fine. I think these can be merged with whatever is written in the tag already

What does success look like, and how can we measure that?

rel attributes are not stripped from <a> tags in GFMD.

Links / references

• GFMD docs on HTML
• GFMD uses HTML::Pipeline's SanitizationFilter class, which only whitelists href for <a> by default.