Inconsistent markdown escaping and 500 error when markdown contains html like string affects issues and merge requests

Summary

Some text entered in rich text results in a 500 Internal Server Error when posted, or changes when switching to the plain text editor and back.

Steps to reproduce

  1. Start a post on an issue or MR, with one of the following:
     • Rich text: <foo bar="> _bax_dsdf
     • Rich text: <foo> _ab_
  2. Switch to plain text editing
  3. Switch back to rich text editing
  4. Post comment

Example Project

It happens in this project

What is the current bug behavior?

The first example results in an internal server error; in the second, the <foo> is removed.

What is the expected correct behavior?

The text entered in rich text should be the same after switching back (and the same text displayed when posted).

Relevant logs and/or screenshots


Documentation

Also, the markdown documentation isn't all that clear on how to correctly escape characters in GitLab markdown. There are a few examples of escaping (backticks and pipes), but not a list of what can / can't be escaped, or what contexts need / allow escaping (e.g., it seems to work differently inside code blocks).

Similar issues

https://gitlab.com/gitlab-org/gitlab/-/issues/296257