From a4ae515366992bb0514afd891eab7c5982691371 Mon Sep 17 00:00:00 2001 From: Alexander Moisseev Date: Tue, 12 May 2026 18:13:44 +0300 Subject: [PATCH] [Fix] Dot add :// to mailto: URIs (RFC 6068) MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit mailto: is non-hierarchical — the // authority component never applies. The bug was in rspamd_mailto_parse setting RSPAMD_URL_FLAG_MISSINGSLASHES when // was absent, causing rspamd_url_parse_text to inject :// into the stored string. Note: bare email addresses detected via the @ pattern (user@example.net in text, no scheme prefix) still go through a different path where "mailto://" is injected as a literal prefix — that's a separate issue and out of scope here. --- src/libserver/html/html_cta.cxx | 5 ++++- src/libserver/url.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/libserver/html/html_cta.cxx b/src/libserver/html/html_cta.cxx index 2e2579828a..a25103bea4 100644 --- a/src/libserver/html/html_cta.cxx +++ b/src/libserver/html/html_cta.cxx @@ -415,7 +415,10 @@ static auto compute_penalty(const html_tag &tag, penalty += 0.3f; } - if (url.protocol == PROTOCOL_MAILTO || url.protocol == PROTOCOL_FTP) { + if (url.protocol == PROTOCOL_MAILTO) { + penalty += 0.15f; + } + else if (url.protocol == PROTOCOL_FTP) { penalty += 0.05f; } diff --git a/src/libserver/url.c b/src/libserver/url.c index ca539f2ca9..9aba86defa 100644 --- a/src/libserver/url.c +++ b/src/libserver/url.c @@ -746,7 +746,7 @@ rspamd_mailto_parse(struct http_parser_url *u, p++; } else { - *flags |= RSPAMD_URL_FLAG_MISSINGSLASHES; + /* mailto: is non-hierarchical (RFC 6068); // is not required */ st = parse_slash_slash; } break; -- 2.47.3