From: Alexander Moisseev Date: Tue, 12 May 2026 15:13:44 +0000 (+0300) Subject: [Fix] Dot add :// to mailto: URIs (RFC 6068) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4ae515366992bb0514afd891eab7c5982691371;p=thirdparty%2Frspamd.git [Fix] Dot add :// to mailto: URIs (RFC 6068) mailto: is non-hierarchical — the // authority component never applies. The bug was in rspamd_mailto_parse setting RSPAMD_URL_FLAG_MISSINGSLASHES when // was absent, causing rspamd_url_parse_text to inject :// into the stored string. Note: bare email addresses detected via the @ pattern (user@example.net in text, no scheme prefix) still go through a different path where "mailto://" is injected as a literal prefix — that's a separate issue and out of scope here. --- diff --git a/src/libserver/html/html_cta.cxx b/src/libserver/html/html_cta.cxx index 2e2579828a..a25103bea4 100644 --- a/src/libserver/html/html_cta.cxx +++ b/src/libserver/html/html_cta.cxx @@ -415,7 +415,10 @@ static auto compute_penalty(const html_tag &tag, penalty += 0.3f; } - if (url.protocol == PROTOCOL_MAILTO || url.protocol == PROTOCOL_FTP) { + if (url.protocol == PROTOCOL_MAILTO) { + penalty += 0.15f; + } + else if (url.protocol == PROTOCOL_FTP) { penalty += 0.05f; } diff --git a/src/libserver/url.c b/src/libserver/url.c index ca539f2ca9..9aba86defa 100644 --- a/src/libserver/url.c +++ b/src/libserver/url.c @@ -746,7 +746,7 @@ rspamd_mailto_parse(struct http_parser_url *u, p++; } else { - *flags |= RSPAMD_URL_FLAG_MISSINGSLASHES; + /* mailto: is non-hierarchical (RFC 6068); // is not required */ st = parse_slash_slash; } break;