Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
How to configure HtmLawed to allow mailto links?
MasterOne
✭✭
Vanilla 2.1 with Markdown & ButtonBar
By default mailto: links are not allowed (getting the denied: put in front). I just took a look, there are no options set in config.php / config-defaults.php, and what I found in the HtmLawed module folder didn't help neither.
So what's the proper way to configure HtmLawed to allow mailto: links?
Is it possible to let it recognize e-mail addresses automatically and put mailto: in front of them?
My forum members really would like to have that feature, especially for e-mail addresses put into signatures.
0
Comments
Just post the email, mailto only triggers your mail app to write an email. It is a convenience not essential . Plus it could end up creating spam
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
This is the result of my testing:
test@example.tld
test@example.tld
mailto:test@example.tld
mailto:test@example.tld
[test@example.tld](test@example.tld)
test@example.tld
[test@example.tld](mailto:test@example.tld)
test@example.tld
[test@example.tld](mailto:%74%65%73%74%40%65%78%61%6D%70%6C%65%2E%74%6C%64)
test@example.tld
As you can see, only
[test@example.tld](mailto:test@example.tld)
is working as supposed to, but I like to encrypt my e-mail address with tools like >>> this site <<< with the result not being recognized getting thedenied:
put in front.why would people bother to put mailto anyway?
You need post parsing of email address that is it. You need a decent rexp for email address an links. Then you replace it with whatever code.
grep is your friend.
I'm not a fan of posting e-mail addresses in signatures or forum postings, but others don't care about the SPAM risk and want theirs visible, so I was looking into it. I don't know if encrypting an e-mail address as shown is any good for preventing SPAM but I guess so, otherwise what would be the point of it?
although I agree with vri and x00,
this may me something for you to look at Master One.
http://stackoverflow.com/questions/9193312/encrypt-mailto-email-addresses-with-inline-javascript
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
Nice find, if it would have been as simple as putting
<a href="javascript:window.location.href = 'mailto:' + ['john','smith.com'].join('@')">john<!---->@<!---->smith.com</a>
into a comment, but of course that doesn't work (
denied:
).I'm glad HtmLawed is doing such a great job, though it would have been nice if there would have been an easy way to configure it.
This really is not of importance to me, for people who must have their e-mail address shown to the world
[test@example.tld](mailto:test@example.tld)
works, when I need to do so for myself I just post an image showing the e-mail address.what you want to do is display after the body or signature is formatted. But you would need to make sure what you do, doesn't allow others to exploit security provisions.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
you could write a plugin that. checks whether user wants a mailto button (via profile) , and then displays it wherever you like.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
I like the idea of the link auto-parser using mailto and HtmLawed allowing it, it would just require someone else to write that patch and test the hell out of it.