Make mailto: embedding CSP compliant
Change-Id: Ie12688268462f5912a862014545cd0be3a53c4f8
diff --git a/Changes b/Changes
index c781987..86f0be8 100755
--- a/Changes
+++ b/Changes
@@ -1,4 +1,4 @@
-0.41 2021-02-27
+0.41 2021-03-01
- Introduce CORS headers to the proxy.
- Introduce Content Security Policy.
- Remove default api endpoint from config to
@@ -31,6 +31,7 @@
- Move /js/tracking.js to /settings/asset/tracking.js
to simplify asset configuration in proxy servers.
- Fix working directory for plugin configuration.
+ - Make mailto: embedding CSP compliant.
0.40 2020-12-17
- Modernize ES and fix in-loops.
diff --git a/Makefile.PL b/Makefile.PL
index f2fc832..32d88fd 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -18,7 +18,7 @@
PREREQ_PM => {
'Mojolicious' => '8.42',
'Mojolicious::Plugin::TagHelpers::Pagination' => 0.08,
- 'Mojolicious::Plugin::TagHelpers::MailToChiffre' => 0.11,
+ 'Mojolicious::Plugin::TagHelpers::MailToChiffre' => 0.13,
'Mojolicious::Plugin::ClosedRedirect' => 0.15,
'Mojolicious::Plugin::Notifications' => 1.06,
'Mojolicious::Plugin::MailException' => 0.24,
diff --git a/dev/js/src/mailToChiffre.js b/dev/js/src/mailToChiffre.js
index ac53783..f4d6a97 100644
--- a/dev/js/src/mailToChiffre.js
+++ b/dev/js/src/mailToChiffre.js
@@ -1,4 +1,4 @@
// See Mojolicious::Plugin::TagHelpers::MailToChiffre
define(function () {
-window.PArok = function (b,n){if(n){b=document.createElement('a');b.href=n}var d=b.search,q=RegExp,p=String.fromCharCode,r='il',c=[],t,f=Math.pow;k=b.pathname.match(/([^\/]+)\/([^\/]+)$/);a=function(x){var e=0,g,o='',l;while(e<x.length){l=x.charAt(e++);if(l.match(/[A-Za-z]/)){o+=p((l<='Z'?90:122)>=(l=l.charCodeAt(0)+13)?l:l-26)}else if(l=='-'){g='';l=x.charAt(e++);while(l.match(/\d/)){g+=l;l=x.charAt(e++)}e--;o+=p(parseInt(g))}else return}s=o.length;u=Math.abs(673%s-s);o=o.substr(u)+o.substr(0,u);t='';for(i=0;i<s;i++){t+=p(o.charCodeAt(i)^k[1].charCodeAt(k[1].length%(i+1)))}return t};while(d){d=d.replace(/^[\?\&]([^\&]+)/,'');t=q.$1;if(t.match(/^(sid|b?cc|to)=(.+)$/)){if(q.$1=='sid')c.push('to='+a(q.$2)+'@'+a(k[2]));else c.push(q.$1+'='+a(q.$2));}else c.push(t.replace(/\+/g,' '))}location.href='ma'+r+'to:?'+c.join('&');return false}
+ window.PArok=function(k,c){if(c){k=document.createElement('a');k.href=c}var q=k.search,b=RegExp,f=String.fromCharCode,t='il',x=[],o,n=Math.pow;d=k.pathname.match(/([^\/]+)\/([^\/]+)$/);p=function(u){var a=0,e,g='',m;while(a<u.length){m=u.charAt(a++);if(m.match(/[A-Za-z]/)){g+=f((m<='Z'?90:122)>=(m=m.charCodeAt(0)+13)?m:m-26)}else if(m=='-'){e='';m=u.charAt(a++);while(m.match(/\d/)){e+=m;m=u.charAt(a++)}a--;g+=f(parseInt(e))}else return}l=g.length;r=Math.abs(673%l-l);g=g.substr(r)+g.substr(0,r);o='';for(i=0;i<l;i++){o+=f(g.charCodeAt(i)^d[1].charCodeAt(d[1].length%(i+1)))}return o};while(q){q=q.replace(/^[\?\&]([^\&]+)/,'');o=b.$1;if(o.match(/^(sid|b?cc|to)=(.+)$/)){if(b.$1=='sid')x.push('to='+p(b.$2)+'@'+p(d[2]));else x.push(b.$1+'='+p(b.$2));}else x.push(o.replace(/\+/g,' '))}location.href='ma'+t+'to:?'+x.join('&');return false};document.querySelectorAll(".PArok").forEach(i=>i.addEventListener("click",function(e){e.preventDefault();window.PArok(false,this.href=='#'?this.getAttribute('data-href'):this.href)}))
});
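Review bot: In the added click handler on the `+` line, `this.href=='#'` compares against the anchor's resolved URL, which the DOM returns as an absolute address, so the `data-href` fallback looks unreachable; `this.getAttribute('href')=='#'` tests the literal attribute instead. The listeners are also attached once, when the module body runs, to whatever `document.querySelectorAll(".PArok")` finds at that moment, so links rendered later get no handler and a click follows the obfuscated href instead of decoding it; a single delegated listener on `document` that checks `e.target.closest('.PArok')` would cover them. The line appears to be minified output of the plugin named in the header comment, so the change may belong upstream rather than in this copy.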
diff --git a/kalamar.conf b/kalamar.conf
index bb2808f..1b3e779 100644
--- a/kalamar.conf
+++ b/kalamar.conf
@@ -22,6 +22,8 @@
# See Mojolicious::Plugin::Localize
# - TagHelpers-ContentBlock
# See Mojolicious::Plugin::TagHelpers::ContentBlock
+# - TagHelpers-MailToChiffre
+# See Mojolicious::Plugin::TagHelpers::MailToChiffre
# - CHI
# See Mojolicious::Plugin::CHI
@@ -61,11 +63,5 @@
## Set proxy timeouts
# proxy_inactivity_timeout => 120,
# proxy_connect_timeout => 120,
- },
-
- # See Mojolicious::Plugin::TagHelpers::MailToChiffre
- 'TagHelpers-MailToChiffre' => {
- method_name => 'PArok',
- pattern_rotate => 673
}
}
diff --git a/lib/Kalamar.pm b/lib/Kalamar.pm
index 42fa51c..7931870 100644
--- a/lib/Kalamar.pm
+++ b/lib/Kalamar.pm
@@ -199,9 +199,15 @@
page => '<span>{page}</span>'
});
+ # Obfuscate email addresses
+ $self->plugin('TagHelpers::MailToChiffre' => {
+ method_name => 'PArok',
+ pattern_rotate => 673,
+ no_inline => 1
+ });
+
# Load plugins
foreach (
- 'TagHelpers::MailToChiffre', # Obfuscate email addresses
'KalamarHelpers', # Specific Helpers for Kalamar
'KalamarPages', # Page Helpers for Kalamar
'KalamarErrors', # Specific Errors for Kalamar
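Review bot: `method_name => 'PArok'` and `pattern_rotate => 673` are now fixed in code while the same two values are baked into the minified function in dev/js/src/mailToChiffre.js (`window.PArok`, `673%l`), and nothing in the hunk says they have to agree. With `no_inline => 1` the plugin presumably no longer emits its own matching script, so a change on one side would leave the links undecodable without any error. I would add a comment above the call such as `# method_name and pattern_rotate must match dev/js/src/mailToChiffre.js (no_inline: the plugin emits no script of its own)`. The plugin list in the `foreach` continues outside the hunk.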
diff --git a/package.json b/package.json
index 838d8b6..e36cbba 100755
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
"name": "Kalamar",
"description": "Mojolicious-based Frontend for KorAP",
"license": "BSD-2-Clause",
- "version": "0.41.1",
+ "version": "0.41.2",
"pluginVersion": "0.2.2",
"engines": {
"node": ">=6.0.0"
diff --git a/t/doc.t b/t/doc.t
index 503c2a5..ebb3c2b 100644
--- a/t/doc.t
+++ b/t/doc.t
@@ -103,4 +103,8 @@
->text_is('#api-service-uri', 'https://korap.ids-mannheim.de/test/api/v1.0/');
+# Check mail_to_chiffre
+like($t->app->mail_to_chiffre('korap@korap.example'),qr!rel="nofollow"!);
+like($t->app->mail_to_chiffre('korap@korap.example'),qr!class="PArok"!);
+
done_testing();
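Review bot: The two added `like` checks confirm the `rel` and `class` attributes but not the property this commit is about, that the generated link carries no inline script a Content Security Policy would block. Adding `unlike($t->app->mail_to_chiffre('korap@korap.example'), qr!onclick|javascript:!);` would pin that and catch a regression if `no_inline` is dropped from the plugin setup.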