From 5cbbb9c44a76cb0c1067df9692290e74c4ee921f Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Sat, 3 Jun 2023 12:25:36 +0200
Subject: [PATCH] fix #4756: markdown notes: allow any valid URL for a tags

As anchor elements cannot load things into the current browsing
context and are not necessarily more dangerous to users compared to
HTTP(S) links, which we allowed since adding markdown rendering in
the first place.

Allows adding short-cuts for virtual guest resources, like RDP or SSH
links.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/Parser.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Parser.js b/src/Parser.js
index e283df8..08e2502 100644
--- a/src/Parser.js
+++ b/src/Parser.js
@@ -34,6 +34,7 @@ Ext.define('Proxmox.Markdown', {
 			let url = new URL(value, window.location.origin);
 			if (
 			    _isHTTPLike(url.protocol) ||
+			    node.tagName.toLowerCase() === 'a' ||
 			    (node.tagName.toLowerCase() === 'img' && url.protocol.toLowerCase() === 'data:')
 			) {
 			    node.attributes[i].value = url.href;