Angle brackets in markdown

[DeemGit]

Environment

• Python version: 3.9
• NetBox version: 2.10.1

Steps to Reproduce

1. Create/edit a device
2. Add comment with markdown syntax, for e.g.:
   External Link <http://google.com>

Expected Behavior

Markdown should render <http://google.com> to <a href="http://google.com">http://google.com</a>

Observed Behavior

No link rendered.

Caused by

netbox/utilities/templatetags/helpers.py:
def render_markdown(value):
...
# Strip HTML tags
value = strip_tags(value)

strip_tags cuts any angle brackets despite on valid markdown syntax.

[marcus-crane]

Hey DeemGit,

The standard Markdown format for links is [link title](https://example.com) which would render the following HTML: <a href="https://example.com">link title</a>

While I believe it's a feature of Github Flavoured Markdown to turn any plain text URL into a link automatically, that is a custom extension that isn't part of the standard Markdown specification

I just tested it on our internal instance though and using the above [x](y) format does generate a link within the device comments

[DeemGit]

Hey Marcus!

From official markdown documentation:
URLs and URLs in angle brackets will automatically get turned into links. http://www.example.com or <http://www.example.com> and sometimes example.com (but not on Github, for example).

If you comment the following line
#value = strip_tags(value)

It will work in netbox as well.

[DanSheps]

Moving this to a discussion

[jeremystretch]

Tags are stripped to prevent malicious code injection. Unfortunately, permitting certain tags while disallowing potentially dangerous ones is non-trivial. Given that the bracket-parenthesis format can easily be used to achieve the same end state, I don't believe any further focus on this is justified.

[DeemGit]

I proposed a simple solution in pull request.

[jeremystretch]

Simple as it is, it's still more complex than what we have today.