Make mailto: embedding CSP compliant

Change-Id: Ie12688268462f5912a862014545cd0be3a53c4f8
diff --git a/Changes b/Changes
index c781987..86f0be8 100755
--- a/Changes
+++ b/Changes
@@ -1,4 +1,4 @@
-0.41 2021-02-27
+0.41 2021-03-01
         - Introduce CORS headers to the proxy.
         - Introduce Content Security Policy.
         - Remove default api endpoint from config to
@@ -31,6 +31,7 @@
         - Move /js/tracking.js to /settings/asset/tracking.js
           to simplify asset configuration in proxy servers.
         - Fix working directory for plugin configuration.
+        - Make mailto: embedding CSP compliant.
 
 0.40 2020-12-17
         - Modernize ES and fix in-loops.
diff --git a/Makefile.PL b/Makefile.PL
index f2fc832..32d88fd 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -18,7 +18,7 @@
   PREREQ_PM => {
     'Mojolicious' => '8.42',
     'Mojolicious::Plugin::TagHelpers::Pagination' => 0.08,
-    'Mojolicious::Plugin::TagHelpers::MailToChiffre' => 0.11,
+    'Mojolicious::Plugin::TagHelpers::MailToChiffre' => 0.13,
     'Mojolicious::Plugin::ClosedRedirect' => 0.15,
     'Mojolicious::Plugin::Notifications' => 1.06,
     'Mojolicious::Plugin::MailException' => 0.24,
diff --git a/dev/js/src/mailToChiffre.js b/dev/js/src/mailToChiffre.js
index ac53783..f4d6a97 100644
--- a/dev/js/src/mailToChiffre.js
+++ b/dev/js/src/mailToChiffre.js
@@ -1,4 +1,4 @@
 // See Mojolicious::Plugin::TagHelpers::MailToChiffre
 define(function () {
-window.PArok = function (b,n){if(n){b=document.createElement('a');b.href=n}var d=b.search,q=RegExp,p=String.fromCharCode,r='il',c=[],t,f=Math.pow;k=b.pathname.match(/([^\/]+)\/([^\/]+)$/);a=function(x){var e=0,g,o='',l;while(e<x.length){l=x.charAt(e++);if(l.match(/[A-Za-z]/)){o+=p((l<='Z'?90:122)>=(l=l.charCodeAt(0)+13)?l:l-26)}else if(l=='-'){g='';l=x.charAt(e++);while(l.match(/\d/)){g+=l;l=x.charAt(e++)}e--;o+=p(parseInt(g))}else return}s=o.length;u=Math.abs(673%s-s);o=o.substr(u)+o.substr(0,u);t='';for(i=0;i<s;i++){t+=p(o.charCodeAt(i)^k[1].charCodeAt(k[1].length%(i+1)))}return t};while(d){d=d.replace(/^[\?\&]([^\&]+)/,'');t=q.$1;if(t.match(/^(sid|b?cc|to)=(.+)$/)){if(q.$1=='sid')c.push('to='+a(q.$2)+'@'+a(k[2]));else c.push(q.$1+'='+a(q.$2));}else c.push(t.replace(/\+/g,' '))}location.href='ma'+r+'to:?'+c.join('&');return false}
+  window.PArok=function(k,c){if(c){k=document.createElement('a');k.href=c}var q=k.search,b=RegExp,f=String.fromCharCode,t='il',x=[],o,n=Math.pow;d=k.pathname.match(/([^\/]+)\/([^\/]+)$/);p=function(u){var a=0,e,g='',m;while(a<u.length){m=u.charAt(a++);if(m.match(/[A-Za-z]/)){g+=f((m<='Z'?90:122)>=(m=m.charCodeAt(0)+13)?m:m-26)}else if(m=='-'){e='';m=u.charAt(a++);while(m.match(/\d/)){e+=m;m=u.charAt(a++)}a--;g+=f(parseInt(e))}else return}l=g.length;r=Math.abs(673%l-l);g=g.substr(r)+g.substr(0,r);o='';for(i=0;i<l;i++){o+=f(g.charCodeAt(i)^d[1].charCodeAt(d[1].length%(i+1)))}return o};while(q){q=q.replace(/^[\?\&]([^\&]+)/,'');o=b.$1;if(o.match(/^(sid|b?cc|to)=(.+)$/)){if(b.$1=='sid')x.push('to='+p(b.$2)+'@'+p(d[2]));else x.push(b.$1+'='+p(b.$2));}else x.push(o.replace(/\+/g,' '))}location.href='ma'+t+'to:?'+x.join('&');return false};document.querySelectorAll(".PArok").forEach(i=>i.addEventListener("click",function(e){e.preventDefault();window.PArok(false,this.href=='#'?this.getAttribute('data-href'):this.href)}))
 });
diff --git a/kalamar.conf b/kalamar.conf
index bb2808f..1b3e779 100644
--- a/kalamar.conf
+++ b/kalamar.conf
@@ -22,6 +22,8 @@
 #     See Mojolicious::Plugin::Localize
 # - TagHelpers-ContentBlock
 #     See Mojolicious::Plugin::TagHelpers::ContentBlock
+# - TagHelpers-MailToChiffre
+#     See Mojolicious::Plugin::TagHelpers::MailToChiffre
 # - CHI
 #     See Mojolicious::Plugin::CHI
 
@@ -61,11 +63,5 @@
     ## Set proxy timeouts
     # proxy_inactivity_timeout => 120,
     # proxy_connect_timeout => 120,
-  },
-
-  # See Mojolicious::Plugin::TagHelpers::MailToChiffre
-  'TagHelpers-MailToChiffre' => {
-    method_name => 'PArok',
-    pattern_rotate => 673
   }
 }
diff --git a/lib/Kalamar.pm b/lib/Kalamar.pm
index 42fa51c..7931870 100644
--- a/lib/Kalamar.pm
+++ b/lib/Kalamar.pm
@@ -199,9 +199,15 @@
     page      => '<span>{page}</span>'
   });
 
+  # Obfuscate email addresses
+  $self->plugin('TagHelpers::MailToChiffre' => {
+    method_name => 'PArok',
+    pattern_rotate => 673,
+    no_inline => 1
+  });
+
   # Load plugins
   foreach (
-    'TagHelpers::MailToChiffre', # Obfuscate email addresses
     'KalamarHelpers',            # Specific Helpers for Kalamar
     'KalamarPages',              # Page Helpers for Kalamar
     'KalamarErrors',             # Specific Errors for Kalamar
diff --git a/package.json b/package.json
index 838d8b6..e36cbba 100755
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
   "name": "Kalamar",
   "description": "Mojolicious-based Frontend for KorAP",
   "license": "BSD-2-Clause",
-  "version": "0.41.1",
+  "version": "0.41.2",
   "pluginVersion": "0.2.2",
   "engines": {
     "node": ">=6.0.0"
diff --git a/t/doc.t b/t/doc.t
index 503c2a5..ebb3c2b 100644
--- a/t/doc.t
+++ b/t/doc.t
@@ -103,4 +103,8 @@
   ->text_is('#api-service-uri', 'https://korap.ids-mannheim.de/test/api/v1.0/');
 
 
+# Check mail_to_chiffre
+like($t->app->mail_to_chiffre('korap@korap.example'),qr!rel="nofollow"!);
+like($t->app->mail_to_chiffre('korap@korap.example'),qr!class="PArok"!);
+
 done_testing();