From 930d2dc63e04c652e3b64cc7f3b3a7d377637065 Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Thu, 9 Jun 2022 17:53:53 +0000
Subject: view: do not escape first `@' in mailto: URLs

It's probably not a perfect match for RFC 6068 atm, but perfect
is the enemy of good.

Reported-by: Moritz Poldrack <moritz@poldrack.dev>
Link: https://public-inbox.org/meta/CKJSWGSZFKMX.3VUSIYE955Z9X@Archetype/
---
 lib/PublicInbox/Reply.pm | 9 ++++++---
 t/plack.t                | 1 +
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/PublicInbox/Reply.pm b/lib/PublicInbox/Reply.pm
index d96fadfc..592dfb62 100644
--- a/lib/PublicInbox/Reply.pm
+++ b/lib/PublicInbox/Reply.pm
@@ -1,10 +1,10 @@
-# Copyright (C) 2014-2021 all contributors <meta@public-inbox.org>
+# Copyright (C) all contributors <meta@public-inbox.org>
 # License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
 
 # For reply instructions and address generation in WWW UI
 package PublicInbox::Reply;
 use strict;
-use warnings;
+use v5.10.1;
 use URI::Escape qw/uri_escape_utf8/;
 use PublicInbox::Hval qw(ascii_html obfuscate_addrs mid_href);
 use PublicInbox::Address;
@@ -81,7 +81,6 @@ sub mailto_arg_link {
 		# no $subj for $href below
 	} else {
 		push @arg, "--to=$to";
-		$to = uri_escape_utf8($to);
 		$subj = uri_escape_utf8($subj);
 	}
 	my @cc = sort values %$cc;
@@ -106,6 +105,10 @@ sub mailto_arg_link {
 	# anyways.
 	return (\@arg, '', $reply_to_all) if $obfs;
 
+	# keep `@' instead of using `%40' for RFC 6068
+	utf8::encode($to);
+	$to =~ s!([^A-Za-z0-9\-\._~\@])!$URI::Escape::escapes{$1}!ge;
+
 	# order matters, Subject is the least important header,
 	# so it is last in case it's lost/truncated in a copy+paste
 	my $href = "mailto:$to?In-Reply-To=$irt${cc}&Subject=$subj";
diff --git a/t/plack.t b/t/plack.t
index e4dedce6..a5fd54c9 100644
--- a/t/plack.t
+++ b/t/plack.t
@@ -85,6 +85,7 @@ test_psgi($app, sub {
 	my ($cb) = @_;
 	my $res = $cb->(GET('http://example.com/test/crlf@example.com/'));
 	is($res->code, 200, 'retrieved CRLF as HTML');
+	like($res->content, qr/mailto:me\@example/, 'no %40, per RFC 6068');
 	unlike($res->content, qr/\r/, 'no CR in HTML');
 	$res = $cb->(GET('http://example.com/test/crlf@example.com/raw'));
 	is($res->code, 200, 'retrieved CRLF raw');
-- 
cgit v1.2.3-24-ge0c7