Broken images in markdown #3840

New Issue

GiteaMirror · 2025-11-02T05:27:50-06:00

GiteaMirror commented

2025-11-02 05:27:50 -06:00

Originally created by @Th3Whit3Wolf on GitHub (Aug 25, 2019).

Gitea version (or commit ref): 1.9.2
Git version: 2.22.0
Operating system: Debain 10, docker
Database (use [x]):
- PostgreSQL
- MySQL
- MSSQL
- SQLite
Can you reproduce the bug at https://try.gitea.io:
- Yes (provide example URL)
- No
- Not relevant
git log

2019/08/25 11:48:39 .../xorm/session_raw.go:87:queryRow() [I] [SQL] SELECT count(*) FROM "release" WHERE repo_id=$1 AND is_draft=$2 []interface {}{6, false}
2019/08/25 11:48:39 .../xorm/session_raw.go:87:queryRow() [I] [SQL] SELECT count(*) FROM "release" WHERE repo_id=$1 AND is_draft=$2 []interface {}{6, false}
2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "owner_id", "lower_name", "name", "description", "website", "default_branch", "num_watches", "num_stars", "num_forks", "num_issues", "num_closed_issues", "num_pulls", "num_closed_pulls", "num_milestones", "num_closed_milestones", "is_private", "is_empty", "is_archived", "is_mirror", "is_fork", "fork_id", "size", "is_fsck_enabled", "close_issues_via_commit_in_any_branch", "topics", "avatar", "created_unix", "updated_unix" FROM "repository" WHERE (owner_id=$1 AND fork_id=$2) LIMIT 1 []interface {}{2, 6}
2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "owner_id", "lower_name", "name", "description", "website", "default_branch", "num_watches", "num_stars", "num_forks", "num_issues", "num_closed_issues", "num_pulls", "num_closed_pulls", "num_milestones", "num_closed_milestones", "is_private", "is_empty", "is_archived", "is_mirror", "is_fork", "fork_id", "size", "is_fsck_enabled", "close_issues_via_commit_in_any_branch", "topics", "avatar", "created_unix", "updated_unix" FROM "repository" WHERE (owner_id=$1 AND fork_id=$2) LIMIT 1 []interface {}{2, 6}
2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "user_id", "repo_id" FROM "watch" WHERE "user_id"=$1 AND "repo_id"=$2 LIMIT 1 []interface {}{2, 6}
2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "user_id", "repo_id" FROM "watch" WHERE "user_id"=$1 AND "repo_id"=$2 LIMIT 1 []interface {}{2, 6}
2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "uid", "repo_id" FROM "star" WHERE "uid"=$1 AND "repo_id"=$2 LIMIT 1 []interface {}{2, 6}
2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "uid", "repo_id" FROM "star" WHERE "uid"=$1 AND "repo_id"=$2 LIMIT 1 []interface {}{2, 6}
2019/08/25 11:48:40 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "passwd", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "diff_view_style", "theme" FROM "user" WHERE "id"=$1 LIMIT 1 []interface {}{2}
2019/08/25 11:48:40 .../xorm/session_raw.go:87:queryRow() [I] [SQL] SELECT count(*) FROM "notification" WHERE (user_id = $1) AND (status = $2) []interface {}{2, 0x1}

Description

svg image is broken in Markup

Screenshots

Here's my README.md

# Goals

Here are the goals for the Web Working Group


![](https://gitea.neo-os.com/Web_WG/Goals/raw/branch/master/is-yes.svg)

![yes]

### Setup

| Status |       Task        |  Immplementation |
| -------| ----------------- | ---------------- |
| [x] | Code Repository   |      Gitea       |   
| [x]   | Wiki for Neo OS   |      Wikijs      |
|  [ ]   | Wiki For Repos    |      Documize    |
|  [ ]   |       Blog        |       Hugo       | 
|  [ ]   | Comments Server   |     Commento     |
|  [ ]   | Analytics Server  |      Matomo      |
|  [ ]   | CI/CD System      |        TBA       |
|  [ ]   | Project Manager   |       Taiga      |
|  [ ]   |       Forum       |       Flarum     |
|  [ ]   | Matrix Server     |        Ruma      |
|  [ ]   | Slack Alternative |     Mattermost   |


[yes]: ./is-yes.svg
[ehh]: ./is-ehh.svg
[no]:  ./is-no.svg

Originally created by @Th3Whit3Wolf on GitHub (Aug 25, 2019). - Gitea version (or commit ref): 1.9.2 - Git version: 2.22.0 - Operating system: Debain 10, docker - Database (use `[x]`): - [x] PostgreSQL - [ ] MySQL - [ ] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant - git log ``` 2019/08/25 11:48:39 .../xorm/session_raw.go:87:queryRow() [I] [SQL] SELECT count(*) FROM "release" WHERE repo_id=$1 AND is_draft=$2 []interface {}{6, false} 2019/08/25 11:48:39 .../xorm/session_raw.go:87:queryRow() [I] [SQL] SELECT count(*) FROM "release" WHERE repo_id=$1 AND is_draft=$2 []interface {}{6, false} 2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "owner_id", "lower_name", "name", "description", "website", "default_branch", "num_watches", "num_stars", "num_forks", "num_issues", "num_closed_issues", "num_pulls", "num_closed_pulls", "num_milestones", "num_closed_milestones", "is_private", "is_empty", "is_archived", "is_mirror", "is_fork", "fork_id", "size", "is_fsck_enabled", "close_issues_via_commit_in_any_branch", "topics", "avatar", "created_unix", "updated_unix" FROM "repository" WHERE (owner_id=$1 AND fork_id=$2) LIMIT 1 []interface {}{2, 6} 2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "owner_id", "lower_name", "name", "description", "website", "default_branch", "num_watches", "num_stars", "num_forks", "num_issues", "num_closed_issues", "num_pulls", "num_closed_pulls", "num_milestones", "num_closed_milestones", "is_private", "is_empty", "is_archived", "is_mirror", "is_fork", "fork_id", "size", "is_fsck_enabled", "close_issues_via_commit_in_any_branch", "topics", "avatar", "created_unix", "updated_unix" FROM "repository" WHERE (owner_id=$1 AND fork_id=$2) LIMIT 1 []interface {}{2, 6} 2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "user_id", "repo_id" FROM "watch" WHERE "user_id"=$1 AND "repo_id"=$2 LIMIT 1 []interface {}{2, 6} 2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "user_id", "repo_id" FROM "watch" WHERE "user_id"=$1 AND "repo_id"=$2 LIMIT 1 []interface {}{2, 6} 2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "uid", "repo_id" FROM "star" WHERE "uid"=$1 AND "repo_id"=$2 LIMIT 1 []interface {}{2, 6} 2019/08/25 11:48:39 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "uid", "repo_id" FROM "star" WHERE "uid"=$1 AND "repo_id"=$2 LIMIT 1 []interface {}{2, 6} 2019/08/25 11:48:40 .../xorm/session_get.go:99:nocacheGet() [I] [SQL] SELECT "id", "lower_name", "name", "full_name", "email", "keep_email_private", "passwd", "must_change_password", "login_type", "login_source", "login_name", "type", "location", "website", "rands", "salt", "language", "description", "created_unix", "updated_unix", "last_login_unix", "last_repo_visibility", "max_repo_creation", "is_active", "is_admin", "allow_git_hook", "allow_import_local", "allow_create_organization", "prohibit_login", "avatar", "avatar_email", "use_custom_avatar", "num_followers", "num_following", "num_stars", "num_repos", "num_teams", "num_members", "visibility", "diff_view_style", "theme" FROM "user" WHERE "id"=$1 LIMIT 1 []interface {}{2} 2019/08/25 11:48:40 .../xorm/session_raw.go:87:queryRow() [I] [SQL] SELECT count(*) FROM "notification" WHERE (user_id = $1) AND (status = $2) []interface {}{2, 0x1} ``` ## Description svg image is broken in Markup ## Screenshots ![image](https://user-images.githubusercontent.com/48275422/63649443-a9f34f80-c735-11e9-83b9-404a0fb1d587.png) Here's my README.md ```md # Goals Here are the goals for the Web Working Group ![](https://gitea.neo-os.com/Web_WG/Goals/raw/branch/master/is-yes.svg) ![yes] ### Setup | Status | Task | Immplementation | | -------| ----------------- | ---------------- | | [x] | Code Repository | Gitea | | [x] | Wiki for Neo OS | Wikijs | | [ ] | Wiki For Repos | Documize | | [ ] | Blog | Hugo | | [ ] | Comments Server | Commento | | [ ] | Analytics Server | Matomo | | [ ] | CI/CD System | TBA | | [ ] | Project Manager | Taiga | | [ ] | Forum | Flarum | | [ ] | Matrix Server | Ruma | | [ ] | Slack Alternative | Mattermost | [yes]: ./is-yes.svg [ehh]: ./is-ehh.svg [no]: ./is-no.svg ```

GiteaMirror closed this issue

2025-11-02 05:27:50 -06:00

GiteaMirror commented

2025-11-02 05:27:51 -06:00

@gary-kim commented on GitHub (Aug 25, 2019):

I think that is not because of the markdown rendering and is rather an issue with how the image is being hosted. Gitea is returning a content type of "text/plain" so the browser is interpreting the svg as text rather then as an image.

@gary-kim commented on GitHub (Aug 25, 2019): I think that is not because of the markdown rendering and is rather an issue with how the image is being hosted. Gitea is returning a content type of "text/plain" so the browser is interpreting the svg as text rather then as an image.

GiteaMirror commented

2025-11-02 05:27:52 -06:00

@Th3Whit3Wolf commented on GitHub (Aug 25, 2019):

using https://gitea.neo-os.com/Web_WG/Goals/src/branch/master/is-yes.svg has the same effect.

How would you recommend using this image?

@Th3Whit3Wolf commented on GitHub (Aug 25, 2019): using `https://gitea.neo-os.com/Web_WG/Goals/src/branch/master/is-yes.svg` has the same effect. How would you recommend using this image?

GiteaMirror commented

2025-11-02 05:27:52 -06:00

@sapk commented on GitHub (Aug 25, 2019):

This is a security limitation discussed in #1095. Now, Github does some clean up before serving svg and the current situation for Gitea is to serve SVG as text in the wait of a PR capable of cleaning svg.

@sapk commented on GitHub (Aug 25, 2019): This is a security limitation discussed in #1095. Now, Github does some clean up before serving svg and the current situation for Gitea is to serve SVG as text in the wait of a PR capable of cleaning svg.

GiteaMirror commented

2025-11-02 05:27:52 -06:00

@Th3Whit3Wolf commented on GitHub (Aug 25, 2019):

Interesting, is there any ETA on when this will be implemented? Does gitea support all other image formats?

@Th3Whit3Wolf commented on GitHub (Aug 25, 2019): Interesting, is there any ETA on when this will be implemented? Does gitea support all other image formats?

GiteaMirror commented

2025-11-02 05:27:52 -06:00

@sapk commented on GitHub (Aug 25, 2019):

Yes all other image should be supported. The problem is that svg file can contain rogue javascript that would be executed via the logged user that see it.

@sapk commented on GitHub (Aug 25, 2019): Yes all other image should be supported. The problem is that svg file can contain rogue javascript that would be executed via the logged user that see it.

GiteaMirror commented

2025-11-02 05:27:52 -06:00

@Th3Whit3Wolf commented on GitHub (Aug 25, 2019):

Oh I didn't know that. Thank you for the support.

@Th3Whit3Wolf commented on GitHub (Aug 25, 2019): Oh I didn't know that. Thank you for the support.

GiteaMirror referenced this issue

2025-11-02 09:19:47 -06:00

Repository Groups #10841

Sign in to join this conversation.