run update-copyrights from gnulib for 2019

[public-inbox.git] / lib / PublicInbox / Linkify.pm

diff --git a/lib/PublicInbox/Linkify.pm b/lib/PublicInbox/Linkify.pm
index d4778e7de371ecc5c3059363bb0d0ec1cc334686..175f8d724dbb25e2d8e04f89a2a1792373d83b3c 100644 (file)
--- a/lib/PublicInbox/Linkify.pm
+++ b/lib/PublicInbox/Linkify.pm
@@ -1,4 +1,4 @@
-# Copyright (C) 2014-2018 all contributors <meta@public-inbox.org>
+# Copyright (C) 2014-2019 all contributors <meta@public-inbox.org>
 # License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
 
 # two-step linkification.
@@ -13,6 +13,7 @@ package PublicInbox::Linkify;
 use strict;
 use warnings;
 use Digest::SHA qw/sha1_hex/;
+use PublicInbox::Hval qw(ascii_html);
 
 my $SALT = rand;
 my $LINK_RE = qr{([\('!])?\b((?:ftps?|https?|nntps?|gopher)://
@@ -61,12 +62,12 @@ sub linkify_1 {
                        $end = ')';
                }
 
+               $url = ascii_html($url); # for IDN
+
                # salt this, as this could be exploited to show
                # links in the HTML which don't show up in the raw mail.
                my $key = sha1_hex($url . $SALT);
 
-               # only escape ampersands, others do not match LINK_RE
-               $url =~ s/&/&#38;/g;
                $_[0]->{$key} = $url;
                $beg . 'PI-LINK-'. $key . $end;
        ^ge;