Project

General

Profile

Actions
Copy link

Defect #43890

open

Wiki links with underscores in page names produce broken URLs after upgrade to Redmine 6.x

Added by Max Hejda 27 days ago. Updated 22 days ago.

Status:
Needs feedback
Priority:
Normal
Assignee:
-
Category:
Wiki
Target version:
-
Resolution:
Affected version:
6.1.0

Description

Environment

  • Redmine version: 6.1.0
  • Previously working on: Redmine 5.x (same database, same content)
  • Text formatting: CommonMark Markdown (GitHub Flavored) — used on both versions
  • commonmarker gem: 2.x (Redmine 6.x) — previously 0.23.x (Redmine 5.x)

Description

After upgrading from Redmine 5.x to 6.1, wiki links to pages whose titles contain underscores produce broken URLs. The underscore characters (_) inside [[ ]] wiki link syntax are being interpreted as CommonMark emphasis delimiters by the new commonmarker 2.x engine (comrak-based), resulting in <span> and <em> HTML tags leaking into the generated href attribute.

This is a regression caused by the commonmarker gem major version upgrade from 0.23.x (cmark-gfm based) to 2.x (comrak-based). The wiki content in the database has not changed, parse_wiki_links in application_helper.rb has not changed, and the text formatting setting (CommonMark) has not changed — only the underlying Markdown parsing engine changed.

Editor corruption

When editing the affected wiki page in Redmine 6.1, the editor textarea shows backslash-escaped underscores that were not present in the original content:

Redmine 6.1 editor shows:

*   [[SMTP\_-\_emaily\|SMTP - emaily]]

Redmine 5.x editor shows (correct, matches database content):

*   [[SMTP_-_emaily|SMTP - emaily]]

The backslash escaping is being inserted by the rendering pipeline — it is not present in the database. This means that if a user edits and saves a page on 6.1, the escaped version (_) gets written back to the database, permanently corrupting the content.

Expected result (Redmine 5.x with commonmarker 0.23.x)

/projects/myproject/wiki/SMTP_-_emaily

Actual result (Redmine 6.1 with commonmarker 2.x)

/projects/myproject/wiki/SMTP%3Cspan%3E%3Cem%3E%3Cspan%3E-%3Cspan%3E%3Cspan%3E%3Cspan%3E%3Cem%3E%3Cspan%3Eemaily%3Cspan%3E?parent=Wiki

URL-decoded, this reveals emphasis/span tags injected where the underscores were:
SMTP<span><em><span>-<span><span><span><em><span>emaily<span>

Root cause analysis

The commonmarker gem was upgraded from 0.23.x (C-based cmark-gfm wrapper) to 2.x (Rust-based comrak wrapper) in Redmine 6.0. The new comrak engine handles intra-word emphasis differently. Where the old cmark-gfm engine left underscores inside [[...]] wiki link markup alone, the new comrak engine interprets them as emphasis delimiters and wraps the content in <em>/<span> tags.
The parse_wiki_links method in app/helpers/application_helper.rb has not changed, and it extracts page names from $3 in its regex match. However, the page name captured from the text already contains the HTML emphasis tags injected by the CommonMark engine, which then end up URL-encoded in the generated link.

Impact

This issue is especially severe because:

It affects all existing wiki links to pages with underscores in their titles — no content change is needed to trigger the regression
Editing and saving corrupts the database — the backslash-escaped underscores get written back permanently

Files

Download all files
clipboard-202603221110-o5xur.png (25.2 KB) clipboard-202603221110-o5xur.png Go MAEDA, 2026-03-22 03:10
clipboard-202603221111-ckouc.png (16.9 KB) clipboard-202603221111-ckouc.png Go MAEDA, 2026-03-22 03:11
clipboard-202603221119-7xlvk.png (24.1 KB) clipboard-202603221119-7xlvk.png Go MAEDA, 2026-03-22 03:20
Actions
Copy link

Also available in: Atom PDF