Hi there, if you add a mailto: link with a subject that contains certain characters the output will be broken (see issue 1422462 which touches on this)

These characters include '()* and probably quite a few more. To quickly get it working for me I have amended line 121 of spamspan.module to:

"(?:\?[A-Za-z0-9_= %\.\-\~\_\&;\!\'\*\(\)]*)?)" . # an optional ? followed

but perhaps the whole regexp needs to be a bit less prescriptive:

Additionally line breaks were being stripped out of the link due to line 55 of spamspan.js which has a decodeURIComponent() in it.

Not entirely why the decode is in here as if you disable javascript the source href attr is not decoded. Removing decodeURIComponent() from around the _mailto lets the subject work as intended. (Maybe a security thing, or maybe other email clients need it?)

Here is a sample Message Body which will cause the problem:

"This is a mess'age body! < > "?

!"£$%^&*():@~;'#<>?,./ [] {} -= _+

Isn't it fantastic!

Happy to work up a patch if required - interested to get any thoughts on the decodeURIComponent thing first though,

Thanks

CommentFileSizeAuthor
#6 spamspan-some_chars_break_mailto-2451115-6.patch10.46 KBvitalie
#5 spamspan-some_chars_break_mailto-2451115-5.patch3.19 KBearlofsandwich
#3 spamspan-some_chars_break_mailto-2451115-3.patch1.81 KBearlofsandwich
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

earlofsandwich’s picture

earlofsandwich CreditAttribution: earlofsandwich commented
Related issues: +#1422462: Broken output if mailto: address has subject & body in D7
vitalie’s picture

vitalie CreditAttribution: vitalie commented

thx @earlofsandwich

I think it is expected that subject & body be uri encoded, which should solve the issue of broken output, since the odd characters would get encoded. Patches are of course welcome.

earlofsandwich’s picture

earlofsandwich CreditAttribution: earlofsandwich commented
FileSize
spamspan-some_chars_break_mailto-2451115-3.patch1.81 KB

Okay, here (at last) is a patch that should allow most body and subject text to work correctly. Of course nothing is as simple as it first seems and I had to do extra replacing on the ' character and allow checking on & and # as well to let through the htmlentity encoded quote.

vitalie’s picture

vitalie CreditAttribution: vitalie commented

@earlofsandwich thanks a lot! Looks good. Would it be easy for you to add a few tests which cover your changes? They are in spamspan.test.

earlofsandwich’s picture

earlofsandwich CreditAttribution: earlofsandwich commented
FileSize
spamspan-some_chars_break_mailto-2451115-5.patch3.19 KB

Sorry it's taken so long, but finally here is a patch with a couple of additional tests. I do one test with a large selection of different characters, and one with the ' char in it (which is dealt with differently)

Hope that helps!

vitalie’s picture

vitalie CreditAttribution: vitalie commented
FileSize
spamspan-some_chars_break_mailto-2451115-6.patch10.46 KB

thank you @earlofsandwich. I noticed now that the changes to the js introduced by the patch bring back the issue of #1540732: %40 instead of @ in link href. Here a patch based on yours which also cleans up a bit the php code that deals with mailto 'headers', but more importantly, urlencodes them in php. This actually would ensure the correct parsing by the js (e.g. js splits headers at ', '). Could you give it a test? What do you think?

earlofsandwich’s picture

earlofsandwich CreditAttribution: earlofsandwich commented

Good find @vitalie, and that's quite an update you've done! I've tested against against a variety of different characters (quite a nasty list and some Chinese ones for good measure) as well as more simple tests without any extra headers and it appears to be working a treat. Newlines work and copying works. Given it a whirl on Android an iPhone as well and working there too.

vitalie’s picture

vitalie CreditAttribution: vitalie commented

@earlofsandwich, great, thanks a lot. The changes in js files are to do mostly with moved-around lines. The changes in the lines related to the regular expression are only some extra spacing before comments come in. The update in itself is not so big :), as I said mostly making sure strings are urlencoded already by php.

So should this be set to Reviewed and tested by Community?

earlofsandwich’s picture

earlofsandwich CreditAttribution: earlofsandwich commented

Eek. Pressure! Well, it's been tested by me - and certainly seems to be working well for my use cases. I guess it could go into dev and hopefully get a more thorough test there. (I'll let you press the buttons. I'll go hide in a corner somewhere ;)

  • vitalie committed cebf9dd on 7.x-1.x authored by earlofsandwich 
    Issue #2451115 by earlofsandwich, vitalie: Certain characters in mailto...
vitalie’s picture

vitalie CreditAttribution: vitalie commented
Status: Active » Fixed

thx @earlofsandwich!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.