Bug #93012

Email address are not wrapped in A tag if config.spamProtectEmailAddresses is set

Added by DANIEL Rémy 8 months ago. Updated 8 months ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Frontend
Target version:
-
Start date:
2020-12-07
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When the config.spamProtectEmailAddresses is set, a mailto: string passed through lib.parseFunc is transformed to a mailto link, with an href of the form "javascript:linkTo_UnCryptMailto()".

Problem, the <a> tag is removed in the rendered html, only the stays.

If I set config.spamProtectEmailAddresses to 0, the <a href="mailto:xxx@yyy.zzz">xxx@yyy.zzz</a> is present in the rendered html.

When debugging, I found that the makelinks conf of lib.parseFunc works well, but just after, the tags.a conf triggers a TEXT cObj with the <a href="javascript:linkTo_UnCryptMailto()">xxx@yyy.zzz</a> as value, and typolink removes the javascript: href, for security reason (see ContentObjectRenderer->resolveMixedLinkParameter)

How to reproduce:

page = PAGE
page.config.disableAllHeaderCode = 1
page.config.spamProtectEmailAddresses = -3
page.10 = TEXT
page.10.value = mailto:xxx@yyy.zzz
page.10.stdWrap.parseFunc < lib.parseFunc
#1

Updated by DANIEL Rémy 8 months ago

As a workaround, I disabled spamProtectEmailAddresses an email addresses are now clickable in frontend.
The drawback is that there is no more spam protection on email addresses.

Also available in: Atom PDF