Markdown viewer mangles hyperlinks

frankli · May 12, 2026, 7:20pm

Nextcloud Server version (e.g., 29.x.x):
- 33.0.3
Operating system and version (e.g., Ubuntu 24.04):
- OpenSUSE Leap 16.0
Web server and version (e.g, Apache 2.4.25):
- Nginx
Reverse proxy and version _(e.g. nginx 1.27.2)
- Nginx
PHP version (e.g, 8.3):
- n/a
Is this the first time you’ve seen this error? (Yes / No):
- No
When did this problem seem to first start?
- n/a
Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
- Bare metal
Are you using CloudfIare, mod_security, or similar? (Yes / No)
- No

Summary of the issue you are facing:

Markdown viewer corrupts URLs mid: schemas.

These links are supported in recent Thunderbird versions and are an extremely handy way to link to specific emails in a way that both the sender and any recipients can use to quickly open the email.

Steps to replicate it (hint: details matter!):

Log into a Nextcloud instance in which you are able to create Markdown files and which has the Markdown viewer enabled (which it is by default)
Create a Markdown file with a mid: URL, e.g.:

# Test file

This paragraph contains [a `mid:` link](mid:messageid@example.com "Would open this email, if it existed, in your email client").

Open the test Markdown file in the web frontend
Notice that the URL has been corrupted and now points to the Markdown file itself. It does not seem to overwrite the actual link in the file, but it does not render it correctly in the HTML either.

Log entries

Nextcloud

n/a

Web Browser

n/a

Web server / Reverse Proxy

n/a

Configuration

Nextcloud

The output of occ config:list system

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "auth.bruteforce.protection.enabled": false,
        "version": "33.0.3.2",
        "logtimezone": "UTC",
        "installed": true,
        "mail_smtpmode": "smtp",
        "maintenance": false,
        "theme": "",
        "loglevel": 3,
        "appstore.experimental.enabled": false,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtpauthtype": "LOGIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpdebug": false,
        "updater.release.channel": "stable",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "simpleSignUpLink.shown": false,
        "app_install_overwrite": [
            "calendar",
            "tasks",
            "files_readmemd",
        ],
        "mail_sendmailmode": "smtp",
        "mail_smtpsecure": "ssl",
        "maintenance_window_start": 1,
        "default_locale": "en_GB",
        "skeletondirectory": "",
        "templatedirectory": "",
        "user_oidc": {
            "oidc_provider_bearer_validation": true
        }
    }
}

frankli · May 12, 2026, 7:27pm

Upon further inspection, I notice that this is not limited to mid: schemas:

# Test file

This paragraph contains [a `mid:` link](mid:messageid@example.com "Would open this email, if it existed, in your email client").

This is [an XMPP link](xmpp:user@example.com "Would start a chat with user@example.com").

This is [a telephone link](tel:+1234567890 "Would initiate a call with +1234567890") **and it works.** 👍

This is [a `geo:` link](geo:0,0?z=15 "That's where the Equator intersects Greenwich").

This is [a `mailto:` link](mailto:user@example.com "Used to send an email to someone") and it also works. 👍

In summary, for some reason it seems to recognise only a limited number of schemas, while missing others that are very important for productivity.

szaimen · May 12, 2026, 9:09pm

Hi, I’d say best to report this to Issues · nextcloud/text · GitHub if not already done.

frankli · May 16, 2026, 1:56pm

I do not have a GitHub / Microsoft account and I do not intend to get one. What bug reporting options are there that do not compromise FOSS or digital sovereignty?

bb77 · May 17, 2026, 7:45am

I didn’t try with actual working links, but when I remove the backticks from your example links (the ones you put at “mid” “geo,” and “mailto”), the links seem to work, i.e., the browser asks me to select an application to open them.

No, there is no other bug tracker for Nextcloud and its core applications. GitHub it is.

frankli · May 22, 2026, 12:14pm

Interesting (I didn’t add any backticks in my example, unless you mean the ``` meant to quote the entire Markdown block). Which browser are you using? I’m on Firefox, and I know that it sometimes does URL detection, e.g., highlighting https://google.com/ and right-clicking will give you the option to open the URL even though it is not hyperlinked.

Oh well, at least that will help make America great again.

bb77 · May 22, 2026, 1:54pm

Firefox 150 at the time of the test, and now 151.

frankli · May 25, 2026, 3:34pm

Same here.

Ok, I see. You refer to the backticks in the anchor text, not in the links themselves.

I have now tried with and without those, and the result is exactly the same, as would be expected in the absence of bugs in the Markdown parser.

The mailto: and tel: schemas are recognised and hyperlinked properly. The other schemas are not recognised and the link is, in reality, a link to the Markdown file itself. Isn’t that what you’re seeing?

frankli · May 25, 2026, 3:46pm

Actually, there is a difference, but that’s probably not related to the Markdown parser itself but rather to Nextcloud’s Markdown file autocorruption feature.

This:

This is [a `geo:` link](geo:0,0?z=15 "That's where the Equator intersects Greenwich").

Gets changed by the Nextcloud frontend to this, which is not at all the same thing:

This is [a ](geo:0,0?z=15 "That's where the Equator intersects Greenwich")`geo:`[ link](geo:0,0?z=15 "That's where the Equator intersects Greenwich").

…and that’s even though the Markdown is not open for editing in the first place. Let’s just say that Markdown handling on the frontend is not exactly robust, though that’s a separate issue.