With the update to SpamSpan 3.1.3, there is an issue with Mail-Addresses containing a dash in their domain: The anchor-text does not properly get de-obfuscated. Instead of showing a text like `text@example-site.com`, the browser shows `testatexample-sitedotcom`
## Input in CKEditor (no matter if ckeditor4 or ckeditor5, no matter if full_html or basic_html)
Source: Test-mail-link: test@example-site.com
## Expected Behaviour: Output in SpamSpan 8.x-1.3
Source: Test-mail-link: test [at] example-site [punkt] com
After Javascript: Test-mail-link: test@example-site.com
## Unexpected Behaviour: Output in SpamSpan 3.1.3
Source: Test-mail-link: test [at] example-site [punkt] com (testatexample-sitedotcom)
After Javascript: Test-mail-link: testatexample-sitedotcom
The issue does not occur with dashes or other special-characters in the user-part of the email-adress.
The issue does not occur on email-addresses without a-mailto-links.
As far as I understand, there is a mismatch in the Pattern-Matching in SpamspanTrait.php#filterTagContents (which accepts dashes in Domains) and the much more simplified version in spamspan.js at line 43, which only matches \w ([a-zA-Z0-9_], but no -)
The easiest fix (which I already use on my system) is to change the regex in spamspan.js, line 43, to something like
const emailPattern = /\b\w+at(-|\w)+dot\w+\b/g;
Or even better: allow for dots (subdomains) as well:
const emailPattern = /\b\w+at(-|\.|\w)+dot\w+\b/g;
Best improvement would probably use the same patterns as in SpamspanInterface::PATTERN_EMAIL_BARE
Closed: duplicate
3.1
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
No activities found.