Bug 363427

Summary: unsafe characters incorrectly parsed as part of URL
Product: [Applications] kdepim Reporter: Erik Quaeghebeur <bugs.kde.org>
Component: messageviewerAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: minor CC: kdenis, montel
Priority: NOR    
Version: 5.4.*   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed In: 5.5
Sentry Crash Report:

Description Erik Quaeghebeur 2016-05-23 09:16:26 UTC 
Unsafe characters are incorrectly parsed as part of URL when showing plain text emails. This sometimes result in spurious ‘dangerous-URL’-warnings .

Consider the following text, a type not uncommon in multipart/alternative mails:

[Please visit our booth 24-25 http://example.com/][cid:image004.png@01D1B286.A42C3F20][Please visit our booth 24-25 http://example.com/][cid:image004.png@01D1B286.A42C3F20][cid:image012.png@01D19A5C.4369C910]<http://example.com/>

The following two links are extracted by kmail:

http://example.com/%5D%5Bcid:image004.png@01D1B286.A42C3F20%5D%5BPlease

http://example.com/%5D%5Bcid:image004.png@01D1B286.A42C3F20%5D%5Bcid:image012.png@01D19A5C.4369C910%5D%3Chttp://example.com/

So what happens is that the unsafe characters such as ‘]’, ‘[’, and ‘<’ are considered part of the URL and then encoded (given the former, the latter makes sense).
What IMHO should happen is that unsafe characters should be considered as URL-delimiting, given that they should always be URL-encoded. In fact, this is usually done by kmail, but in this case, this failed because there was a space before the initial URL. Namely, consider

[http://www.example.org/][whatever]
[http://www.example.org/] [whatever]
[http://www.example.org/]

[a http://www.example.org/][whatever]
[a http://www.example.org/] [whatever]
[a http://www.example.org/]

In the first set of three, parsing is always correct. In the latter set of three, it is incorrect for the first line, i.e., a link

http://www.example.org/%5D%5Bwhatever%5D

is generated.

So I think the parsing code should be modified to deal with such cases.

Reproducible: Always
Comment 1 Erik Quaeghebeur 2016-05-23 09:19:47 UTC 
(In reply to Erik Quaeghebeur from comment #0)
>
> [http://www.example.org/][whatever]

Where do I file bugs against the KDE's bug tracking system? ;-)
Comment 2 Denis Kurz 2017-01-16 18:01:45 UTC 
(In reply to Erik Quaeghebeur from comment #1)
> (In reply to Erik Quaeghebeur from comment #0)
> >
> > [http://www.example.org/][whatever]
> 
> Where do I file bugs against the KDE's bug tracking system? ;-)

https://bugzilla.mozilla.org/describecomponents.cgi?product=Bugzilla

A pity that noone saw your hilarious comment :D

Also, the bug is still present in KMail 5.4.1 just as described in Comment 0.
Comment 3 Erik Quaeghebeur 2017-01-16 22:23:35 UTC 
(In reply to Denis Kurz from comment #2)
> (In reply to Erik Quaeghebeur from comment #1)
> > 
> > Where do I file bugs against the KDE's bug tracking system? ;-)
> 
> https://bugzilla.mozilla.org/describecomponents.cgi?product=Bugzilla

Thanks. FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=177820#c17
Comment 4 Laurent Montel 2017-01-17 06:07:49 UTC 
(In reply to Denis Kurz from comment #2)
> (In reply to Erik Quaeghebeur from comment #1)
> > (In reply to Erik Quaeghebeur from comment #0)
> > >
> > > [http://www.example.org/][whatever]
> > 
> > Where do I file bugs against the KDE's bug tracking system? ;-)
> 
> https://bugzilla.mozilla.org/describecomponents.cgi?product=Bugzilla
> 
> A pity that noone saw your hilarious comment :D
> 
> Also, the bug is still present in KMail 5.4.1 just as described in Comment 0.

Are you sure ?
I confirm that [http://www.example.org/][whatever] works fine as I fixed it long time ago. And there is a autotest in kcoreaddons for it.
Comment 5 Laurent Montel 2017-01-17 06:26:58 UTC 
[Please visit our booth 24-25 http://example.com/]
this one has still a problem.
I work one.
Comment 6 Laurent Montel 2017-01-17 06:43:01 UTC 
Git commit c6671aa2651306b783edeb99c89448f636dc4bf8 by Montel Laurent.
Committed on 17/01/2017 at 06:41.
Pushed by mlaurent into branch 'master'.

Fix Bug 363427 - unsafe characters incorrectly parsed as part of URL

Fix [Please visit our booth 24-25 http://example.com/]

M  +4    -0    autotests/ktexttohtmltest.cpp
M  +2    -0    src/lib/text/ktexttohtml.cpp

https://commits.kde.org/kcoreaddons/c6671aa2651306b783edeb99c89448f636dc4bf8
Comment 7 Denis Kurz 2017-01-17 19:17:57 UTC 
(In reply to Laurent Montel from comment #4)
> Are you sure ?

Oh, I'm sorry! You are right, it is parsed correctly (except for the case you mention).
Comment 8 Erik Quaeghebeur 2017-08-21 06:41:22 UTC 
Gentoo recently stabilized the KDE 5 version, 5.5.3, to be precise, and this is fixed, so closing.