Redmine

h2. Environment

* *Redmine version:* 6.1.0
* *Previously working on:* Redmine 5.x (same database, same content)
* *Text formatting:* CommonMark Markdown (GitHub Flavored) — used on both versions
* *commonmarker gem:* 2.x (Redmine 6.x) — previously 0.23.x (Redmine 5.x)

h2. Description

After upgrading from Redmine 5.x to 6.1, wiki links to pages whose titles contain underscores produce broken URLs. The underscore characters (@_@) inside @[[ ]]@ wiki link syntax are being interpreted as CommonMark emphasis delimiters by the new commonmarker 2.x engine (comrak-based), resulting in @<span>@ and @<em>@ HTML tags leaking into the generated @href@ attribute.

This is a regression caused by the commonmarker gem major version upgrade from 0.23.x (cmark-gfm based) to 2.x (comrak-based). The wiki content in the database has not changed, @parse_wiki_links@ in @application_helper.rb@ has not changed, and the text formatting setting (CommonMark) has not changed — only the underlying Markdown parsing engine changed.

h2. Editor corruption

When editing the affected wiki page in Redmine 6.1, the editor textarea shows backslash-escaped underscores that were *not* present in the original content:

*Redmine 6.1 editor shows:*

<pre>
*   [[SMTP\_-\_emaily\|SMTP - emaily]]
</pre>
Redmine 5.x editor shows (correct, matches database content):
<pre>
*   [[SMTP_-_emaily|SMTP - emaily]]
</pre>
The backslash escaping is being inserted by the rendering pipeline — it is not present in the database. This means that if a user edits and saves a page on 6.1, the escaped version (@_@) gets written back to the database, permanently corrupting the content.
h2. Expected result (Redmine 5.x with commonmarker 0.23.x)
<pre>
/projects/myproject/wiki/SMTP_-_emaily
</pre>
h2. Actual result (Redmine 6.1 with commonmarker 2.x)
<pre>
/projects/myproject/wiki/SMTP%3Cspan%3E%3Cem%3E%3Cspan%3E-%3Cspan%3E%3Cspan%3E%3Cspan%3E%3Cem%3E%3Cspan%3Eemaily%3Cspan%3E?parent=Wiki
</pre>
URL-decoded, this reveals emphasis/span tags injected where the underscores were:
<pre>
SMTP<span><em><span>-<span><span><span><em><span>emaily<span>
</pre>
h2. Root cause analysis
The @commonmarker@ gem was upgraded from 0.23.x (C-based cmark-gfm wrapper) to 2.x (Rust-based comrak wrapper) in Redmine 6.0. The new comrak engine handles intra-word emphasis differently. Where the old cmark-gfm engine left underscores inside @[[...]]@ wiki link markup alone, the new comrak engine interprets them as emphasis delimiters and wraps the content in @<em>@/@<span>@ tags.
The @parse_wiki_links@ method in @app/helpers/application_helper.rb@ has not changed, and it extracts page names from @$3@ in its regex match. However, the page name captured from the text already contains the HTML emphasis tags injected by the CommonMark engine, which then end up URL-encoded in the generated link.
h2. Impact
This issue is especially severe because:

It affects all existing wiki links to pages with underscores in their titles — no content change is needed to trigger the regression
Editing and saving corrupts the database — the backslash-escaped underscores get written back permanently