From: Eric Wong <e@80x24.org>
Date: Fri, 13 Sep 2024 22:07:22 +0000 (+0000)
Subject: view: addr2urlmap matches HTML-escaped addresses, only
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf9407e266c90e459337b1e6ea70871e740db3e0;p=thirdparty%2Fpublic-inbox.git

view: addr2urlmap matches HTML-escaped addresses, only

Some odd email addresses may require HTML escaping, and
the resulting regexp is run on escaped HTML.
---

diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm
index 37c910f85..19f4168ed 100644
--- a/lib/PublicInbox/View.pm
+++ b/lib/PublicInbox/View.pm
@@ -196,7 +196,8 @@ sub addr2urlmap ($) {
 		my (%addr2url, $url);
 		while (my ($addr, $ibx) = each %$by_addr) {
 			$url = $ibx->base_url // $ibx->base_url($ctx->{env});
-			$addr2url{$addr} = ascii_html($url) if defined $url;
+			$addr2url{ascii_html($addr)} = ascii_html($url) if
+				defined $url;
 		}
 		# don't allow attackers to randomly change Host: headers
 		# and OOM us if the server handles all hostnames: