X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=lib%2FPublicInbox%2FLinkify.pm;h=5b83742c14b36ace1e62790b20d417e0971dbc87;hb=2394cb0bdc671605729b5a4c578ef4cd3b9813fd;hp=d4778e7de371ecc5c3059363bb0d0ec1cc334686;hpb=e55bef366b87ecbcb66c93669f41876afc1d2446;p=public-inbox.git diff --git a/lib/PublicInbox/Linkify.pm b/lib/PublicInbox/Linkify.pm index d4778e7d..5b83742c 100644 --- a/lib/PublicInbox/Linkify.pm +++ b/lib/PublicInbox/Linkify.pm @@ -1,4 +1,4 @@ -# Copyright (C) 2014-2018 all contributors +# Copyright (C) 2014-2019 all contributors # License: AGPL-3.0+ # two-step linkification. @@ -13,6 +13,7 @@ package PublicInbox::Linkify; use strict; use warnings; use Digest::SHA qw/sha1_hex/; +use PublicInbox::Hval qw(ascii_html); my $SALT = rand; my $LINK_RE = qr{([\('!])?\b((?:ftps?|https?|nntps?|gopher):// @@ -61,12 +62,12 @@ sub linkify_1 { $end = ')'; } + $url = ascii_html($url); # for IDN + # salt this, as this could be exploited to show # links in the HTML which don't show up in the raw mail. my $key = sha1_hex($url . $SALT); - # only escape ampersands, others do not match LINK_RE - $url =~ s/&/&/g; $_[0]->{$key} = $url; $beg . 'PI-LINK-'. $key . $end; ^ge; @@ -88,4 +89,33 @@ sub linkify_2 { $_[1]; } +# single pass linkification of within $str +# with $pfx being the URL prefix +sub linkify_mids { + my ($self, $pfx, $str) = @_; + $$str =~ s!<([^>]+)>! + my $msgid = PublicInbox::Hval->new_msgid($1); + my $html = $msgid->as_html; + my $href = $msgid->{href}; + $href = ascii_html($href); # for IDN + + # salt this, as this could be exploited to show + # links in the HTML which don't show up in the raw mail. + my $key = sha1_hex($html . $SALT); + $self->{$key} = [ $href, $html ]; + ''; + !ge; + $$str = ascii_html($$str); + $$str =~ s!\bPI-LINK-([a-f0-9]{40})\b! + my $key = $1; + my $repl = $_[0]->{$key}; + if (defined $repl) { + "[0]/\">$repl->[1]"; + } else { + # false positive or somebody tried to mess with us + $key; + } + !ge; +} + 1;