From: Eric Wong <e@80x24.org>
Date: Tue, 16 Jan 2018 05:08:22 +0000 (+0000)
Subject: hval: only allow domain obfuscation in address
X-Git-Tag: v1.0.0~11
X-Git-Url: http://www.git.stargrave.org/?a=commitdiff_plain;h=24a309bd1221a24ac673ece463f765f7a92921ff;p=public-inbox.git

hval: only allow domain obfuscation in address

Obfuscating username portions of the email address leads
to having subsequent parts of the address not being obfuscated;
which could mean we show someone else's email entirely.

In other words, obfuscating "john.doe@example.com" becomes
might mean "doe@example.com" is picked up by scanners.

In other news, email address obfuscation is still a horrible
usability issue and only exists to appease misguided people.
---

diff --git a/lib/PublicInbox/Hval.pm b/lib/PublicInbox/Hval.pm
index 00a923ea..0e199025 100644
--- a/lib/PublicInbox/Hval.pm
+++ b/lib/PublicInbox/Hval.pm
@@ -95,13 +95,13 @@ sub obfuscate_addrs ($$) {
 	my $ibx = $_[0];
 	my $re = $ibx->{-no_obfuscate_re}; # regex of domains
 	my $addrs = $ibx->{-no_obfuscate}; # { adddress => 1 }
-	$_[1] =~ s/([\w\.\+=\-]+\@([\w\-]+\.[\w\.\-]+))/
-		my ($addr, $domain) = ($1, $2);
+	$_[1] =~ s/(([\w\.\+=\-]+)\@([\w\-]+\.[\w\.\-]+))/
+		my ($addr, $user, $domain) = ($1, $2, $3);
 		if ($addrs->{$addr} || ((defined $re && $domain =~ $re))) {
 			$addr;
 		} else {
-			$addr =~ s!([^\.]+)\.!$1&#8226;!;
-			$addr
+			$domain =~ s!([^\.]+)\.!$1&#8226;!;
+			$user . '@' . $domain
 		}
 		/sge;
 }
diff --git a/t/hval.t b/t/hval.t
index 2af4d2af..7915f4c9 100644
--- a/t/hval.t
+++ b/t/hval.t
@@ -18,6 +18,7 @@ hello@example.com
 meta@public-inbox.org
 test@public-inbox.org
 test@a.b.c.org
+te.st@example.org
 EOF
 
 PublicInbox::Hval::obfuscate_addrs($ibx, $html);
@@ -28,6 +29,7 @@ hello@example.com
 meta@public-inbox.org
 test@public-inbox&#8226;org
 test@a&#8226;b.c.org
+te.st@example&#8226;org
 EOF
 
 is($html, $exp, 'only obfuscated relevant addresses');