From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 2C8881F4D7; Thu, 9 Jun 2022 17:53:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=80x24.org; s=selector1; t=1654797233; bh=FWGubr2aD8L1jHAKnFESmp8Egnvy3pzV7iuEti1ifZo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Zs3hUjDCp8zMAHvveThCJl6QJ4ZV9vDswn06bLXbVsTBJ5skqUGkmoPyEj1lf/DRV rOL3SsS3OANHm3BlKxloMz2AdSPMQlaqqpAJ6TXL+z/GbbCOgK7EX3NjZStGSuDlvq GXNu1JYrQ+mpUwDmltZzMgOEPLautQhZOAd8avsk= Date: Thu, 9 Jun 2022 17:53:53 +0000 From: Eric Wong To: Moritz Poldrack Cc: meta@public-inbox.org Subject: [PATCH v2] view: do not escape first `@' in mailto: URLs Message-ID: <20220609175353.M57606@dcvr> References: <20220608104747.M955543@dcvr> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: List-Id: Moritz Poldrack wrote: > Important: only the @ after the ? (in query parameters) have to be > escaped. > > mailto:user@gmail.com?cc=list%40mailinglist.org Ah, thanks. Here's an updated version: ---------8<--------- Subject: [PATCH] view: do not escape first `@' in mailto: URLs It's probably not a perfect match for RFC 6068 atm, but perfect is the enemy of good. Reported-by: Moritz Poldrack Link: https://public-inbox.org/meta/CKJSWGSZFKMX.3VUSIYE955Z9X@Archetype/ --- lib/PublicInbox/Reply.pm | 9 ++++++--- t/plack.t | 1 + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/PublicInbox/Reply.pm b/lib/PublicInbox/Reply.pm index d96fadfc..592dfb62 100644 --- a/lib/PublicInbox/Reply.pm +++ b/lib/PublicInbox/Reply.pm @@ -1,10 +1,10 @@ -# Copyright (C) 2014-2021 all contributors +# Copyright (C) all contributors # License: AGPL-3.0+ # For reply instructions and address generation in WWW UI package PublicInbox::Reply; use strict; -use warnings; +use v5.10.1; use URI::Escape qw/uri_escape_utf8/; use PublicInbox::Hval qw(ascii_html obfuscate_addrs mid_href); use PublicInbox::Address; @@ -81,7 +81,6 @@ sub mailto_arg_link { # no $subj for $href below } else { push @arg, "--to=$to"; - $to = uri_escape_utf8($to); $subj = uri_escape_utf8($subj); } my @cc = sort values %$cc; @@ -106,6 +105,10 @@ sub mailto_arg_link { # anyways. return (\@arg, '', $reply_to_all) if $obfs; + # keep `@' instead of using `%40' for RFC 6068 + utf8::encode($to); + $to =~ s!([^A-Za-z0-9\-\._~\@])!$URI::Escape::escapes{$1}!ge; + # order matters, Subject is the least important header, # so it is last in case it's lost/truncated in a copy+paste my $href = "mailto:$to?In-Reply-To=$irt${cc}&Subject=$subj"; diff --git a/t/plack.t b/t/plack.t index e4dedce6..a5fd54c9 100644 --- a/t/plack.t +++ b/t/plack.t @@ -85,6 +85,7 @@ test_psgi($app, sub { my ($cb) = @_; my $res = $cb->(GET('http://example.com/test/crlf@example.com/')); is($res->code, 200, 'retrieved CRLF as HTML'); + like($res->content, qr/mailto:me\@example/, 'no %40, per RFC 6068'); unlike($res->content, qr/\r/, 'no CR in HTML'); $res = $cb->(GET('http://example.com/test/crlf@example.com/raw')); is($res->code, 200, 'retrieved CRLF raw');