From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS197540 202.61.224.0/20 X-Spam-Status: No, score=-3.4 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from mail.moritz.sh (mail.moritz.sh [202.61.225.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 8B8E11F4D7 for ; Wed, 8 Jun 2022 11:12:53 +0000 (UTC) Authentication-Results: dcvr.yhbt.net; dkim=pass (4096-bit key; unprotected) header.d=poldrack.dev header.i=@poldrack.dev header.b="Yw+quxD+"; dkim-atps=neutral X-Virus-Scanned: Yes Mime-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=poldrack.dev; s=mail; t=1654686635; bh=Y7Pf0TlJ2Ojj6HVKh+HrM1drx3S3R8p/Ij8x58tvqaU=; h=Subject:Cc:From:To:References:In-Reply-To; b=Yw+quxD+epWjNcxjNZt7YaA8ZWLGorAjiYp9wPr4raQwjo2XsH1A2iNBj2d/FY/vL zF/fcvVtfOUDtXWRsIs5c3gmxxgblY3zDJ5W9BCWaURj3UXbASOEJh49Teb5VYJkxF IsNWBqUVMqN1bXhdm1OhBzFthDAFwVP1N6dIuJt/S7RxXqZ+Q805oNauq1pQN7eKl4 XVKOEYdUM9p8oyBabkFoQcKqtvwWKck+n2HvlNJU/Ikb5dIJ1hEisfg24FrAQLIugo zseZV0npopFzen0+T1rS1E9e9CM6R0rpoxH7L/RGPF+pW1tJpCQnX3j6tcLOi6ZtuG jLW3UIBwpxqV/Xgf6Lz4piqDXds7FZqRKfuNo5e0/OcOC9kNJe6WuTrzkRVSrHNhTw fh7WpFJCHvhiDm4BmqI0iykpC6hTPBh9JOdJ9RLjMAVnZEFC/4DqKerKdkRB2TRUDO M/Q0u43bm2LTGXocGfG+b/jW9jI6B6SaRgU1uCs9/3PNO6nPR1RLWxNT8PVszS9vUw j3fsLHU4pzIkbEjX13vTgvgyfPQcTNIG7pwDczQPuPo/pr6wTStB7glaWlvBT0jOT8 46xS/81ZLP8ZRUpgyZ8XhjsYxOhx0CjXSve9nXn+Udmu4NcKyitr6CJ1RPM9YNk+ap bVtaZms/TpF97OGhN0XF9TXg= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Wed, 08 Jun 2022 13:12:48 +0200 Message-Id: Subject: Re: Issues with mailto: Links Cc: From: "Moritz Poldrack" To: "Eric Wong" References: <20220608104747.M955543@dcvr> In-Reply-To: <20220608104747.M955543@dcvr> List-Id: On Wed Jun 8, 2022 at 12:47 PM CEST, Eric Wong wrote: > Moritz Poldrack wrote: > > Hello, > > > > I am a contributor to a mailclient named aerc. Today a user notified us > > that they were unable to use the mailto: Link from one of your public > > inboxes[0]. The reason for that is that the To: address is URL-encoded, > > which is not in accordance with RFC6068 and therefore considered to be > > invalid. > > > > Currently the link is: > > mailto:user%40gmail.com?=E2=80=A6 > > > > but it should be: > > mailto:user@gmail.com?=E2=80=A6 > > Thanks for the report, the patch below should fix it. > Feedback greatly appreciated, I'm still struggling with various > real-life stuff so extra eyes always appreciated since I'm more > scatter-brained than usual :< > > > Since I've not seen anywhere else to report bugs, I've sent it here, if > > that was not correct please advise where to send this message. > > Yes, this is the only place :) > > > [0]: https://list.orgmode.org/875yt0myv0.fsf@localhost/#R > > -----8<----- > Subject: [PATCH] view: do not escape `@' in mailto: URLs Important: only the @ after the ? (in query parameters) have to be escaped. mailto:user@gmail.com?cc=3Dlist%40mailinglist.org > > It's probably not a perfect match for RFC 6068 atm, but perfect > is the enemy of good. > > Reported-by: Moritz Poldrack > Link: https://public-inbox.org/meta/CKJSWGSZFKMX.3VUSIYE955Z9X@Archetype/ > --- > lib/PublicInbox/Reply.pm | 21 +++++++++++++++------ > t/plack.t | 1 + > 2 files changed, 16 insertions(+), 6 deletions(-) > > diff --git a/lib/PublicInbox/Reply.pm b/lib/PublicInbox/Reply.pm > index d96fadfc..2dda4d82 100644 > --- a/lib/PublicInbox/Reply.pm > +++ b/lib/PublicInbox/Reply.pm > @@ -1,11 +1,11 @@ > -# Copyright (C) 2014-2021 all contributors > +# Copyright (C) all contributors > # License: AGPL-3.0+ > > # For reply instructions and address generation in WWW UI > package PublicInbox::Reply; > use strict; > -use warnings; > -use URI::Escape qw/uri_escape_utf8/; > +use v5.10.1; > +use URI::Escape (); > use PublicInbox::Hval qw(ascii_html obfuscate_addrs mid_href); > use PublicInbox::Address; > use PublicInbox::MID qw(mid_clean); > @@ -13,6 +13,15 @@ use PublicInbox::Config; > > *squote_maybe =3D \&PublicInbox::Config::squote_maybe; > > +# TODO: read RFC 6068 more closely and fix as-needed (though checking fo= r > +# things like `[]' symmetry may not be worth it) > +sub rfc6068_escape { > + my ($s) =3D @_; > + utf8::encode($s); > + $s =3D~ s!([^A-Za-z0-9\-\._~\@])!$URI::Escape::escapes{$1}!ge; > + $s; > +} > + > sub add_addrs { > my ($to, $cc, @addrs) =3D @_; > foreach my $address (@addrs) { > @@ -81,8 +90,8 @@ sub mailto_arg_link { > # no $subj for $href below > } else { > push @arg, "--to=3D$to"; > - $to =3D uri_escape_utf8($to); > - $subj =3D uri_escape_utf8($subj); > + $to =3D rfc6068_escape($to); > + $subj =3D rfc6068_escape($subj); > } > my @cc =3D sort values %$cc; > $cc =3D ''; > @@ -94,7 +103,7 @@ sub mailto_arg_link { > "--cc=3D$addr"; > } @cc); > } else { > - $cc =3D '&Cc=3D' . uri_escape_utf8(join(',', @cc)); > + $cc =3D '&Cc=3D' . rfc6068_escape(join(',', @cc)); > push(@arg, map { "--cc=3D$_" } @cc); > } > } > diff --git a/t/plack.t b/t/plack.t > index e4dedce6..a5fd54c9 100644 > --- a/t/plack.t > +++ b/t/plack.t > @@ -85,6 +85,7 @@ test_psgi($app, sub { > my ($cb) =3D @_; > my $res =3D $cb->(GET('http://example.com/test/crlf@example.com/')); > is($res->code, 200, 'retrieved CRLF as HTML'); > + like($res->content, qr/mailto:me\@example/, 'no %40, per RFC 6068'); > unlike($res->content, qr/\r/, 'no CR in HTML'); > $res =3D $cb->(GET('http://example.com/test/crlf@example.com/raw')); > is($res->code, 200, 'retrieved CRLF raw'); -- Moritz Poldrack https://moritz.sh