Obfuscating username portions of the email address leads
to having subsequent parts of the address not being obfuscated;
which could mean we show someone else's email entirely.
In other words, obfuscating "john.doe@example.com" becomes
might mean "doe@example.com" is picked up by scanners.
In other news, email address obfuscation is still a horrible
usability issue and only exists to appease misguided people.
my $ibx = $_[0];
my $re = $ibx->{-no_obfuscate_re}; # regex of domains
my $addrs = $ibx->{-no_obfuscate}; # { adddress => 1 }
- $_[1] =~ s/([\w\.\+=\-]+\@([\w\-]+\.[\w\.\-]+))/
- my ($addr, $domain) = ($1, $2);
+ $_[1] =~ s/(([\w\.\+=\-]+)\@([\w\-]+\.[\w\.\-]+))/
+ my ($addr, $user, $domain) = ($1, $2, $3);
if ($addrs->{$addr} || ((defined $re && $domain =~ $re))) {
$addr;
} else {
- $addr =~ s!([^\.]+)\.!$1•!;
- $addr
+ $domain =~ s!([^\.]+)\.!$1•!;
+ $user . '@' . $domain
}
/sge;
}
meta@public-inbox.org
test@public-inbox.org
test@a.b.c.org
+te.st@example.org
EOF
PublicInbox::Hval::obfuscate_addrs($ibx, $html);
meta@public-inbox.org
test@public-inbox•org
test@a•b.c.org
+te.st@example•org
EOF
is($html, $exp, 'only obfuscated relevant addresses');