View Issue Details

ID: 0022315
Project: mantisbt
Category: markdown
View Status: public
Last Update: 2024-04-14 07:39
Reporter: uxmaster
Assigned To: dregad
Status: resolved
Resolution: fixed
Product Version: 2.1.1
Target Version: 2.27.0
Fixed in Version: 2.27.0
Summary: 0022315: Markdown converts " to &quot; within code blocks and inline code

This is caused by noncooperation between "Markdown Processing" and "Text Processing".
When the latter is turned off, everything is OK (apart from XSS vulnerability).

Steps To Reproduce

" in normal text

" in inline code "

" in code block

Tags: No tags attached.


related to 0022246 (closed, joel): Markdown is converting '&' signs to (ampersand[amp;]) inside code block or backtick as well
related to 0024628 (resolved, dregad): Double quotes " and lesser than sign < are shown as HTML entity within Markdown code blocks
has duplicate 0022407 (closed, atrol): Quotes in markdown
related to 0024810 (resolved, dregad): Markdown links/code always show HTML entities for Ampersand and Less-than sign
child of 0022180 (new): Markdown issues following implementation in 0017920




2017-02-14 08:51

reporter   ~0055670

Confirmed, seeing this as well



2017-02-19 08:29

developer   ~0055719

This has been addressed already with this PR



2017-02-23 12:29

developer   ~0055768

This one is really annoying, can't copy/paste code snippets anymore without having to manually replace &quot; entities by actual quotes ...



2017-02-27 18:47

developer   ~0055812

Last edited: 2017-02-27 18:48

This is not a bug in upstream; the bug is due to Text processing processing the text from the start:

  1. Text processing converts & sign into entity name (ampersand[amp;]) within the code block or backtick
  2. With that, we need to convert the entity name back to its result within the specific function in the extension class.

And this is the PR



2017-03-03 05:41

reporter   ~0055890

@joel Which version of the MantisBT download do I use that has this fix?



2017-03-03 05:46

developer   ~0055891

@ajtruckle this is an open PR, so there is no version you can download at the moment.



2020-09-04 13:47

reporter   ~0064359

Recent activity:

batman magumbo

batman magumbo

2021-11-09 08:29

reporter   ~0065999

This is still an issue on brand new installations of Mantis as of November 2021.

There's a plugin called Imatic Mantis Formatting that's supposed to fix the issue, but it's meant to replace the native Mantis formatting plugin, and it requires PHP 7.4 and Composer.

I was running PHP 7.1, so I wrote a simpler plugin that just runs alongside the native one and patches the problem.

Here: OT Mantis Markdown Fixer. Hope that helps someone.

Related Changesets

MantisBT: master 3aec6e68

2024-03-31 23:15


Committer: dregad

Clean up markdown processing

- Process input via Markdownparser and return the result, no further
text processing.
- During parsing, catch all <code> blocks and replace them with a hash
- After the markup is returned from Parsedown, apply mentions and links
- Restore the untouched <code> Blocks back in place.

Fixes 0034040, PR
Also fixes 0022315, 0022320, 0024241, 0024628, 0024810, 0022231, 0023738

Signed-off-by: Damien Regad <>
Affected Issues
0022231, 0022315, 0022320, 0023738, 0024241, 0024628, 0024810, 0034040, 0034393
mod - plugins/MantisCoreFormatting/MantisCoreFormatting.php
mod - plugins/MantisCoreFormatting/core/MantisMarkdown.php
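
The stash-and-restore order described in the commit message above, next to the double escaping it replaces, as an added PHP sketch that is not MantisBT's code. The toy parser (inline code only), the function names, the mention markup and the fenced random token are assumptions of this example.

```php
<?php
// Added illustration, not MantisBT code; function names and sample input are constructed.
const ESC = ENT_QUOTES | ENT_SUBSTITUTE;

// Old order: a global escaping pass, then a parser that escapes code content again.
function render_double_escaped(string $text): string {
    $text = htmlspecialchars($text, ESC, 'UTF-8');              // "text processing" pass
    return preg_replace_callback('/`([^`]+)`/', function ($m) {
        // second escape: &quot; becomes &amp;quot; and is displayed literally
        return '<code>' . htmlspecialchars($m[1], ESC, 'UTF-8') . '</code>';
    }, $text);
}

// New order: every segment is escaped exactly once; code is parked under a token
// while mention linking runs, then restored byte for byte.
function render_with_stash(string $text): string {
    $stash = [];
    $parts = preg_split('/`([^`]+)`/', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    $html = '';
    foreach ($parts as $i => $part) {
        $escaped = htmlspecialchars($part, ESC, 'UTF-8');
        if ($i % 2 === 1) {                       // odd index = captured code span
            // Unguessable token, fenced with control chars so a \w+ match
            // in the post-processing step cannot run into it.
            $token = "\x02" . hash('sha256', random_bytes(16) . $part) . "\x03";
            $stash[$token] = "<code>$escaped</code>";
            $html .= $token;
        } else {
            $html .= $escaped;
        }
    }
    // Post-processing sees only tokens where code was (hypothetical mention markup).
    $html = preg_replace('/@(\w+)/', '<a class="mention">@$1</a>', $html);
    return strtr($html, $stash);                  // put the code spans back untouched
}

$sample = 'Ask @joel about "quotes", e.g. `echo "a & b" | mail @joel`';  // constructed
echo render_double_escaped($sample), "\n";
echo render_with_stash($sample), "\n";
```

The first function emits `&amp;quot;` inside `<code>`, which a browser shows as the literal `&quot;` reported in this issue; the second escapes the quote once and leaves the `@joel` inside the code span unlinked.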