[kmail2] [Bug 363427] New: unsafe characters incorrectly parsed as part of URL

Erik Quaeghebeur via KDE Bugzilla bugzilla_noreply at kde.org
Mon May 23 10:16:26 BST 2016 

https://bugs.kde.org/show_bug.cgi?id=363427

            Bug ID: 363427
           Summary: unsafe characters incorrectly parsed as part of URL
           Product: kmail2
           Version: 4.14.10
          Platform: Gentoo Packages
                OS: Linux
            Status: UNCONFIRMED
          Severity: minor
          Priority: NOR
         Component: general
          Assignee: kdepim-bugs at kde.org
          Reporter: kdebugs at equaeghe.nospammail.net

Unsafe characters are incorrectly parsed as part of URL when showing plain text
emails. This sometimes result in spurious ‘dangerous-URL’-warnings .

Consider the following text, a type not uncommon in multipart/alternative
mails:

[Please visit our booth 24-25
http://example.com/][cid:image004.png at 01D1B286.A42C3F20][Please visit our booth
24-25
http://example.com/][cid:image004.png at 01D1B286.A42C3F20][cid:image012.png at 01D19A5C.4369C910]<http://example.com/>

The following two links are extracted by kmail:

http://example.com/%5D%5Bcid:image004.png@01D1B286.A42C3F20%5D%5BPlease

http://example.com/%5D%5Bcid:image004.png@01D1B286.A42C3F20%5D%5Bcid:image012.png@01D19A5C.4369C910%5D%3Chttp://example.com/

So what happens is that the unsafe characters such as ‘]’, ‘[’, and ‘<’ are
considered part of the URL and then encoded (given the former, the latter makes
sense).
What IMHO should happen is that unsafe characters should be considered as
URL-delimiting, given that they should always be URL-encoded. In fact, this is
usually done by kmail, but in this case, this failed because there was a space
before the initial URL. Namely, consider

[http://www.example.org/][whatever]
[http://www.example.org/] [whatever]
[http://www.example.org/]

[a http://www.example.org/][whatever]
[a http://www.example.org/] [whatever]
[a http://www.example.org/]

In the first set of three, parsing is always correct. In the latter set of
three, it is incorrect for the first line, i.e., a link

http://www.example.org/%5D%5Bwhatever%5D

is generated.

So I think the parsing code should be modified to deal with such cases.

Reproducible: Always

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list