view: addr2urlmap matches HTML-escaped addresses, only

Some odd email addresses may require HTML escaping, and
the resulting regexp is run on escaped HTML.

diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm
index 37c910f85244e99f8e1f435b5f8c4d399edad9ac..19f4168edc6978aa767fa3e53ee1cfcedbb34de8 100644 (file)
--- a/lib/PublicInbox/View.pm
+++ b/lib/PublicInbox/View.pm
@@ -196,7 +196,8 @@ sub addr2urlmap ($) {
                my (%addr2url, $url);
                while (my ($addr, $ibx) = each %$by_addr) {
                        $url = $ibx->base_url // $ibx->base_url($ctx->{env});
-                       $addr2url{$addr} = ascii_html($url) if defined $url;
+                       $addr2url{ascii_html($addr)} = ascii_html($url) if
+                               defined $url;
                }
                # don't allow attackers to randomly change Host: headers
                # and OOM us if the server handles all hostnames: