Valid email address should only start with alphanumeric (#28174)

This fixes issue #27847 where regular expression allowed email address to start with special symbols. Valid email addresses should start with alphanumeric character, and as such will be rendered as email. Added test cases from the bug report to validate, such input will not be rendered anymore as email address. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-05-28 13:20:20 +08:00 · 2025-04-20 12:18:14 +01:00
parent 6d3c6741ec
commit af6be75adb
3 changed files with 43 additions and 10 deletions
--- a/modules/markup/html_email.go
+++ b/modules/markup/html_email.go
@ -3,7 +3,11 @@

 package markup

-import "golang.org/x/net/html"
+import (
+	"strings"
+
+	"golang.org/x/net/html"
+)

 // emailAddressProcessor replaces raw email addresses with a mailto: link.
 func emailAddressProcessor(ctx *RenderContext, node *html.Node) {
@ -14,6 +18,14 @@ func emailAddressProcessor(ctx *RenderContext, node *html.Node) {
 			return
 		}

+		var nextByte byte
+		if len(node.Data) > m[3] {
+			nextByte = node.Data[m[3]]
+		}
+		if strings.IndexByte(":/", nextByte) != -1 {
+			// for cases: "git@gitea.com:owner/repo.git", "https://git@gitea.com/owner/repo.git"
+			return
+		}
 		mail := node.Data[m[2]:m[3]]
 		replaceContent(node, m[2], m[3], createLink(ctx, "mailto:"+mail, mail, "" /*mailto*/))
 		node = node.NextSibling.NextSibling