Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-82508

Ability to configure text-to-hyperlink behaviour so that only a url with scheme converts to a hyperlink

    • 0
    • 5
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Current behaviour

      Typed or pasted text that is determined by Jira Cloud to be a URL is automatically converted to a hyperlink:
      Screen Recording 2023-12-06 at 11.28.11 am.mov

      Desired behaviour

      This behaviour should be configurable so that a user can select what should be converted to a URL:
       

      I do not want foo.com changed to a URL, I do not want readme.md changed to a URL. It's not a URL. Unless I type http://foo.com, it's not a URL, so don't corrupt my input by adding unwanted and misleading changes.

       

      Workaround

      Currently, there are two ways to avoid a hyperlink being added:

      1. Use the Code formatting
      2. Use the Code Snippet (Display code with syntax highlighting)
      3. Or you can manually remove the link/URL

          Form Name

            [JRACLOUD-82508] Ability to configure text-to-hyperlink behaviour so that only a url with scheme converts to a hyperlink

            Hey everyone! I’m Venkatesh, a PM on the Atlassian Platform team. 

            We’ve heard your feedback and now prevent automatic hyperlinking of certain TLDs such as `.md` and `.zip` unless they are prefixed with `http://`, `https://` or `www`. This change has rolled out to Jira & Confluence and will soon arrive more widely across Atlassian products. We’re exploring whether to further alter our text linkification behaviour to include more TLDs and would love your feedback. 

            Kind regards, 

            Venkatesh | Product Manager - Atlassian platform

            Venkatesh Vasudevan (Inactive) added a comment - Hey everyone! I’m Venkatesh, a PM on the Atlassian Platform team.  We’ve heard your feedback and now prevent automatic hyperlinking of certain TLDs such as `.md` and `.zip` unless they are prefixed with `http://`, `https://` or `www`. This change has rolled out to Jira & Confluence and will soon arrive more widely across Atlassian products. We’re exploring whether to further alter our text linkification behaviour to include more TLDs and would love your feedback.  Kind regards,  Venkatesh | Product Manager - Atlassian platform

            Atlassian, please prevent the auto-hyperlinking of "readme.md", "license.md", "contributing.md", etc. No "*.md" should auto-hyperlink as 99% of the time, in this product it will be a reference to an internal artifact for an organization and not a 3rd party website.

            Alex Atkinson added a comment - Atlassian, please prevent the auto-hyperlinking of "readme.md", "license.md", "contributing.md", etc. No "*.md" should auto-hyperlink as 99% of the time, in this product it will be a reference to an internal artifact for an organization and not a 3rd party website.

            John Rocha added a comment -

            This is really bad.

            This is a security risk.

            Jira's automatic addition of a link causes the text message to be less secure.

            This is a way for malware distributors to place their infection sites in a simple name like install.md, or copyright.md, etc. And a Jira user clicks on it thinking they are getting details for their work, but instead Atlassian is shunting the user into potentially dangerous destinations.

             
            As an example example consider the following text is entered

            Change Description
            
            Updated the README.md file with more detailed steps.
            
            Update Changes.md with release note changes.
            
            Update Install.md with new install steps
            

             

            The entries README.md, Changes.md and Install.md are turned into hyperlinks.

            This is extremely bad, because the reader will assume that these are hyperlinks to the mentioned files. And if they click on them with the intent to see the new contents, they will instead be taken to an internet link in the wild.

            README.md takes you to https://tiloid.com/.

            Changes.md takes you to "unreachable" page.

            Install.md is scary. It takes you to a blank page.

            $ nslookup install.md
            Non-authoritative answer:
            Server:  DC3.stratovan.com
            Address:  192.168.100.2
            
            Name:    install.md
            Address:  104.247.81.54
            

             

            John Rocha added a comment - This is really bad. This is a security risk. Jira's automatic addition of a link causes the text message to be less secure. This is a way for malware distributors to place their infection sites in a simple name like install.md , or copyright.md , etc. And a Jira user clicks on it thinking they are getting details for their work, but instead Atlassian is shunting the user into potentially dangerous destinations.   As an example example consider the following text is entered Change Description Updated the README.md file with more detailed steps. Update Changes.md with release note changes. Update Install.md with new install steps   The entries README.md , Changes.md and Install.md are turned into hyperlinks. This is extremely bad, because the reader will assume that these are hyperlinks to the mentioned files. And if they click on them with the intent to see the new contents, they will instead be taken to an internet link in the wild. README.md takes you to https://tiloid.com/. Changes.md takes you to "unreachable" page. Install.md is scary. It takes you to a blank page. $ nslookup install.md Non-authoritative answer: Server: DC3.stratovan.com Address: 192.168.100.2 Name: install.md Address: 104.247.81.54  

              Unassigned Unassigned
              23ef3e30d63c Anusha Rutnam
              Votes:
              5 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: