fix: don't escape [ bracket in linktext#2894
fix: don't escape [ bracket in linktext#2894Soxasora wants to merge 1 commit intostackernews:masterfrom
[ bracket in linktext#2894Conversation
…rt footnotes or nested links anyway
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| return `[${text}](${node.url || ''}${node.title ? ` "${node.title}"` : ''})` | ||
| // gfm-footnote extension marks [ as unsafe in phrasing, | ||
| // but [ can't start footnotes or nested links inside link text, so the escape is unnecessary | ||
| return `[${text.replace(/\\\[/g, '[')}](${node.url || ''}${node.title ? ` "${node.title}"` : ''})` |
There was a problem hiding this comment.
Unescaping [ in link text breaks outer link parsing
Medium Severity
The .replace(/\\\[/g, '[') regex unescapes all \[ in link text, but an unescaped [ inside link text can combine with the outer link's ](url) to form an unintended inner link, breaking the outer link entirely. For example, a link with text click [here and URL url would serialize to [click [here](url), which CommonMark parses as literal [click plus a link here→url — the intended outer link is destroyed. The escaping that state.safe() applies to [ is necessary to prevent inner bracket sequences from taking precedence over the outer link structure per the CommonMark spec.
There was a problem hiding this comment.
I see, and it makes sense. Maybe escaped brackets don't cause issues, I'll think about this.
1 participant
Description
Fixes #2879
gfm-footnotetoMarkdownextension marks[as unsafe in phrasing to protect from unwanted footnotes or nested links, but footnotes or nested links can't start anyway inside of linktext.This PR unescapes
[square brackets inside oflinktext(text node inside of a link node).Screenshots
unescape.mov
Additional Context
One of the goals of future stages is to implement a better method for customizing escaping.
Checklist
Are your changes backward compatible? Please answer below:
For example, a change is not backward compatible if you removed a GraphQL field or dropped a database column.
Yes
On a scale of 1-10 how well and how have you QA'd this change and any features it might affect? Please answer below:
7
For frontend changes: Tested on mobile, light and dark mode? Please answer below:
n/a
Did you introduce any new environment variables? If so, call them out explicitly here:
n/a
Did you use AI for this? If so, how much did it assist you?
review, tests
Note
Low Risk
Low risk: narrow change to Markdown serialization that only alters escaping behavior inside link text; main risk is minor formatting regressions in edge-case link rendering.
Overview
Fixes Lexical-to-Markdown export so link text no longer keeps escaped
\[characters introduced by thegfm-footnotephrasing safety rules. ThelinktoMarkdownhandler now unescapes[within link text while still emitting standard[text](url "title")syntax.Written by Cursor Bugbot for commit c307919. This will update automatically on new commits. Configure here.