public void Transform_address_returns_form_URL_with_email_as_display_name() { var email = new ContactEmail("*****@*****.**"); var transformer = new WebsiteFormEmailAddressTransformer(new Uri("https://example.org")); var result = transformer.TransformEmailAddress(email); Assert.Equal("https://example.org/contactus/emailus/email.aspx?n=first.last%40example.org&e=first.last&d=example.org", result); }
public void Transform_bad_address_returns_null() { var email = new ContactEmail("Health%20and%20Safety%20"); var transformer = new WebsiteFormEmailAddressTransformer(new Uri("https://example.org")); var result = transformer.TransformEmailAddress(email); Assert.Null(result); }
/// <summary> /// Formats the specified HTML. /// </summary> /// <param name="html">The HTML.</param> /// <returns></returns> public string Format(string html) { // As a first line of defence, email links may have been converted into entities, so check for both encoded and unencoded. const string mailto = "(mailto:|mailto:)"; const string anythingExceptEndAnchor = "((?!</a>).)*"; html = Regex.Replace(html, "(<a [^>]*href=\")" + mailto + "([^\"]*)(\"[^>]*>)" + anythingExceptEndAnchor + "</a>", match => { // Get the email address, decoding from entities if necessary var email = HttpUtility.HtmlDecode(match.Groups[3].Value); // Get the link text. The regex used to match it allows for child tags, but matches // character by character so we have to reassemble it. It may still be entities at this point. var linkText = new StringBuilder(); foreach (Capture capture in match.Groups[5].Captures) { linkText.Append(capture.Value); } // If the link text is the email address we can't pass it in the URL as entities because that // looks like a XSS attack. But we don't want to put an email address unencoded into the current // page either. So instead, try to turn the first part of the email address into a real name. var linkTextForUrl = HttpUtility.HtmlDecode(linkText.ToString()); if (linkTextForUrl.Contains("@")) { linkTextForUrl = linkTextForUrl.Substring(0, linkTextForUrl.IndexOf("@", StringComparison.Ordinal)); linkTextForUrl = linkTextForUrl.Replace(".", " ").Titleize(); } // Get URL of form and HTML encode it as we reassable the link var baseUrl = HttpContext.Current != null ? HttpContext.Current.Request.Url : new Uri("https://www.eastsussex.gov.uk"); var emailAddressTransformer = new WebsiteFormEmailAddressTransformer(baseUrl); var formUrl = emailAddressTransformer.TransformEmailAddress(new ContactEmail(email, linkTextForUrl)); if (formUrl != null) { formUrl = HttpUtility.HtmlEncode(formUrl); } return(match.Groups[1].Value + formUrl + match.Groups[4].Value + linkText + "</a>"); }); return(html); }