Defect #43890
open
Wiki links with underscores in page names produce broken URLs after upgrade to Redmine 6.x
Description
Environment¶
- Redmine version: 6.1.0
- Previously working on: Redmine 5.x (same database, same content)
- Text formatting: CommonMark Markdown (GitHub Flavored) — used on both versions
- commonmarker gem: 2.x (Redmine 6.x) — previously 0.23.x (Redmine 5.x)
Description¶
After upgrading from Redmine 5.x to 6.1, wiki links to pages whose titles contain underscores produce broken URLs. The underscore characters (_) inside [[ ]] wiki link syntax are being interpreted as CommonMark emphasis delimiters by the new commonmarker 2.x engine (comrak-based), resulting in <span> and <em> HTML tags leaking into the generated href attribute.
This is a regression caused by the commonmarker gem major version upgrade from 0.23.x (cmark-gfm based) to 2.x (comrak-based). The wiki content in the database has not changed, parse_wiki_links in application_helper.rb has not changed, and the text formatting setting (CommonMark) has not changed — only the underlying Markdown parsing engine changed.
Editor corruption¶
When editing the affected wiki page in Redmine 6.1, the editor textarea shows backslash-escaped underscores that were not present in the original content:
Redmine 6.1 editor shows:
* [[SMTP\_-\_emaily\|SMTP - emaily]]
Redmine 5.x editor shows (correct, matches database content):
* [[SMTP_-_emaily|SMTP - emaily]]
The backslash escaping is being inserted by the rendering pipeline — it is not present in the database. This means that if a user edits and saves a page on 6.1, the escaped version (_) gets written back to the database, permanently corrupting the content.
Expected result (Redmine 5.x with commonmarker 0.23.x)¶
/projects/myproject/wiki/SMTP_-_emaily
Actual result (Redmine 6.1 with commonmarker 2.x)¶
/projects/myproject/wiki/SMTP%3Cspan%3E%3Cem%3E%3Cspan%3E-%3Cspan%3E%3Cspan%3E%3Cspan%3E%3Cem%3E%3Cspan%3Eemaily%3Cspan%3E?parent=Wiki
URL-decoded, this reveals emphasis/span tags injected where the underscores were:
SMTP<span><em><span>-<span><span><span><em><span>emaily<span>
Root cause analysis¶
The commonmarker gem was upgraded from 0.23.x (C-based cmark-gfm wrapper) to 2.x (Rust-based comrak wrapper) in Redmine 6.0. The new comrak engine handles intra-word emphasis differently. Where the old cmark-gfm engine left underscores inside [[...]] wiki link markup alone, the new comrak engine interprets them as emphasis delimiters and wraps the content in <em>/<span> tags.
The parse_wiki_links method in app/helpers/application_helper.rb has not changed, and it extracts page names from $3 in its regex match. However, the page name captured from the text already contains the HTML emphasis tags injected by the CommonMark engine, which then end up URL-encoded in the generated link.
Impact¶
This issue is especially severe because:
It affects all existing wiki links to pages with underscores in their titles — no content change is needed to trigger the regression
Editing and saving corrupts the database — the backslash-escaped underscores get written back permanently
Files
Updated by Go MAEDA 24 days ago
- File clipboard-202603221110-o5xur.png clipboard-202603221110-o5xur.png added
- File clipboard-202603221111-ckouc.png clipboard-202603221111-ckouc.png added
- File clipboard-202603221119-7xlvk.png clipboard-202603221119-7xlvk.png added
I was not able to reproduce the issue you reported.
Could you please check whether I followed the correct steps below, and let me know if anything is missing or different in your setup?
1. Create a wiki page named SMTP_-_emaily.
2. On another wiki page, add and save this link to that page: [[SMTP_-_emaily|SMTP - emaily]]
3. In my test, the issue did not occur, and the link to the SMTP_-_emaily page was displayed correctly.
Updated by
Updated by Holger Just 22 days ago
- Status changed from New to Needs feedback
I'm also unable to reproduce this issue.
Do you use any plugins, have performed by manual code changes to Redmine, or do you use a custom theme? If so, this issue is likely caused by one of these customizations. Please (temporarily) remove all plugins and use the default theme to check if this issue still occurs. If it does, try to gather more details about this issue which would allow us to reproduce this in an unchanged Redmine.
In any case, Redmine's editor fields always show the raw unchanged wiki text (i.e. the raw markdown) form the database. During Redmine updates, this stored text is not changed. As such, unless you have performed additional manual changes, your observed behavior does not appear to be possible.