From: "Moritz Poldrack" <moritz@poldrack.dev>
To: "Eric Wong" <e@80x24.org>
Cc: <meta@public-inbox.org>
Subject: Re: Issues with mailto: Links
Date: Wed, 08 Jun 2022 13:12:48 +0200 [thread overview]
Message-ID: <CKKPI7EGHMFY.5WM6L7EJKB7F@Archetype> (raw)
In-Reply-To: <20220608104747.M955543@dcvr>
On Wed Jun 8, 2022 at 12:47 PM CEST, Eric Wong wrote:
> Moritz Poldrack <moritz@poldrack.dev> wrote:
> > Hello,
> >
> > I am a contributor to a mailclient named aerc. Today a user notified us
> > that they were unable to use the mailto: Link from one of your public
> > inboxes[0]. The reason for that is that the To: address is URL-encoded,
> > which is not in accordance with RFC6068 and therefore considered to be
> > invalid.
> >
> > Currently the link is:
> > mailto:user%40gmail.com?…
> >
> > but it should be:
> > mailto:user@gmail.com?…
>
> Thanks for the report, the patch below should fix it.
> Feedback greatly appreciated, I'm still struggling with various
> real-life stuff so extra eyes always appreciated since I'm more
> scatter-brained than usual :<
>
> > Since I've not seen anywhere else to report bugs, I've sent it here, if
> > that was not correct please advise where to send this message.
>
> Yes, this is the only place :)
>
> > [0]: https://list.orgmode.org/875yt0myv0.fsf@localhost/#R
>
> -----8<-----
> Subject: [PATCH] view: do not escape `@' in mailto: URLs
Important: only the @ after the ? (in query parameters) have to be
escaped.
mailto:user@gmail.com?cc=list%40mailinglist.org
>
> It's probably not a perfect match for RFC 6068 atm, but perfect
> is the enemy of good.
>
> Reported-by: Moritz Poldrack <moritz@poldrack.dev>
> Link: https://public-inbox.org/meta/CKJSWGSZFKMX.3VUSIYE955Z9X@Archetype/
> ---
> lib/PublicInbox/Reply.pm | 21 +++++++++++++++------
> t/plack.t | 1 +
> 2 files changed, 16 insertions(+), 6 deletions(-)
>
> diff --git a/lib/PublicInbox/Reply.pm b/lib/PublicInbox/Reply.pm
> index d96fadfc..2dda4d82 100644
> --- a/lib/PublicInbox/Reply.pm
> +++ b/lib/PublicInbox/Reply.pm
> @@ -1,11 +1,11 @@
> -# Copyright (C) 2014-2021 all contributors <meta@public-inbox.org>
> +# Copyright (C) all contributors <meta@public-inbox.org>
> # License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
>
> # For reply instructions and address generation in WWW UI
> package PublicInbox::Reply;
> use strict;
> -use warnings;
> -use URI::Escape qw/uri_escape_utf8/;
> +use v5.10.1;
> +use URI::Escape ();
> use PublicInbox::Hval qw(ascii_html obfuscate_addrs mid_href);
> use PublicInbox::Address;
> use PublicInbox::MID qw(mid_clean);
> @@ -13,6 +13,15 @@ use PublicInbox::Config;
>
> *squote_maybe = \&PublicInbox::Config::squote_maybe;
>
> +# TODO: read RFC 6068 more closely and fix as-needed (though checking for
> +# things like `[]' symmetry may not be worth it)
> +sub rfc6068_escape {
> + my ($s) = @_;
> + utf8::encode($s);
> + $s =~ s!([^A-Za-z0-9\-\._~\@])!$URI::Escape::escapes{$1}!ge;
> + $s;
> +}
> +
> sub add_addrs {
> my ($to, $cc, @addrs) = @_;
> foreach my $address (@addrs) {
> @@ -81,8 +90,8 @@ sub mailto_arg_link {
> # no $subj for $href below
> } else {
> push @arg, "--to=$to";
> - $to = uri_escape_utf8($to);
> - $subj = uri_escape_utf8($subj);
> + $to = rfc6068_escape($to);
> + $subj = rfc6068_escape($subj);
> }
> my @cc = sort values %$cc;
> $cc = '';
> @@ -94,7 +103,7 @@ sub mailto_arg_link {
> "--cc=$addr";
> } @cc);
> } else {
> - $cc = '&Cc=' . uri_escape_utf8(join(',', @cc));
> + $cc = '&Cc=' . rfc6068_escape(join(',', @cc));
> push(@arg, map { "--cc=$_" } @cc);
> }
> }
> diff --git a/t/plack.t b/t/plack.t
> index e4dedce6..a5fd54c9 100644
> --- a/t/plack.t
> +++ b/t/plack.t
> @@ -85,6 +85,7 @@ test_psgi($app, sub {
> my ($cb) = @_;
> my $res = $cb->(GET('http://example.com/test/crlf@example.com/'));
> is($res->code, 200, 'retrieved CRLF as HTML');
> + like($res->content, qr/mailto:me\@example/, 'no %40, per RFC 6068');
> unlike($res->content, qr/\r/, 'no CR in HTML');
> $res = $cb->(GET('http://example.com/test/crlf@example.com/raw'));
> is($res->code, 200, 'retrieved CRLF raw');
--
Moritz Poldrack
https://moritz.sh
next prev parent reply other threads:[~2022-06-08 11:12 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-07 9:39 Issues with mailto: Links Moritz Poldrack
2022-06-08 10:47 ` Eric Wong
2022-06-08 11:12 ` Moritz Poldrack [this message]
2022-06-09 17:53 ` [PATCH v2] view: do not escape first `@' in mailto: URLs Eric Wong
2022-06-09 19:51 ` Moritz Poldrack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://public-inbox.org/README
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CKKPI7EGHMFY.5WM6L7EJKB7F@Archetype \
--to=moritz@poldrack.dev \
--cc=e@80x24.org \
--cc=meta@public-inbox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).