File Coverage

blib/lib/Mail/SpamAssassin/HTML.pm

Criterion	Covered	Total	%
statement	379	477	79.4
branch	195	308	63.3
condition	82	155	52.9
subroutine	34	37	91.8
pod	2	25	8.0
total	692	1002	69.0

line	stmt	bran	cond	sub	pod	time	code
1							# <@LICENSE>
2							# Licensed to the Apache Software Foundation (ASF) under one or more
3							# contributor license agreements. See the NOTICE file distributed with
4							# this work for additional information regarding copyright ownership.
5							# The ASF licenses this file to you under the Apache License, Version 2.0
6							# (the "License"); you may not use this file except in compliance with
7							# the License. You may obtain a copy of the License at:
8							#
9							# http://www.apache.org/licenses/LICENSE-2.0
10							#
11							# Unless required by applicable law or agreed to in writing, software
12							# distributed under the License is distributed on an "AS IS" BASIS,
13							# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14							# See the License for the specific language governing permissions and
15							# limitations under the License.
16							# </@LICENSE>
17
18							# HTML decoding TODOs
19							# - add URIs to list for faster URI testing
20
21							package Mail::SpamAssassin::HTML;
22
23	40			40		260	use strict;
	40					72
	40					1307
24	40			40		239	use warnings;
	40					94
	40					1280
25	40			40		234	use re 'taint';
	40					101
	40					1881
26
27							require 5.008; # need basic Unicode support for HTML::Parser::utf8_mode
28							# require 5.008008; # Bug 3787; [perl #37950]: Malformed UTF-8 character ...
29
30	40			40		23640	use HTML::Parser 3.43 ();
	40					245768
	40					1269
31	40			40		313	use Mail::SpamAssassin::Logger;
	40					75
	40					2478
32	40			40		243	use Mail::SpamAssassin::Constants qw(:sa);
	40					68
	40					5377
33	40			40		266	use Mail::SpamAssassin::Util qw(untaint_var);
	40					72
	40					259668
34
35							our @ISA = qw(HTML::Parser);
36
37							# elements defined by the HTML 4.01 and XHTML 1.0 DTDs (do not change them!)
38							# does not include XML
39							my %elements = map {; $_ => 1 }
40							# strict
41							qw( a abbr acronym address area b base bdo big blockquote body br button caption cite code col colgroup dd del dfn div dl dt em fieldset form h1 h2 h3 h4 h5 h6 head hr html i img input ins kbd label legend li link map meta noscript object ol optgroup option p param pre q samp script select small span strong style sub sup table tbody td textarea tfoot th thead title tr tt ul var ),
42							# loose
43							qw( applet basefont center dir font frame frameset iframe isindex menu noframes s strike u ),
44							# non-standard tags
45							qw( nobr x-sigsep x-tab ),
46							;
47
48							# elements that we want to render, but not count as valid
49							my %tricks = map {; $_ => 1 }
50							# non-standard and non-valid tags
51							qw( bgsound embed listing plaintext xmp ),
52							# other non-standard tags handled in popfile
53							# blink ilayer multicol noembed nolayer spacer wbr
54							;
55
56							# elements that change text style
57							my %elements_text_style = map {; $_ => 1 }
58							qw( body font table tr th td big small basefont marquee span p div a ),
59							;
60
61							# elements that insert whitespace
62							my %elements_whitespace = map {; $_ => 1 }
63							qw( br div li th td dt dd p hr blockquote pre embed listing plaintext xmp title
64							h1 h2 h3 h4 h5 h6 ),
65							;
66
67							# elements that push URIs
68							my %elements_uri = map {; $_ => 1 }
69							qw( body table tr td a area link img frame iframe embed script form base bgsound ),
70							;
71
72							# style attribute not accepted
73							#my %elements_no_style = map {; $_ => 1 }
74							# qw( base basefont head html meta param script style title ),
75							#;
76
77							# permitted element attributes
78							my %ok_attributes;
79							$ok_attributes{basefont}{$_} = 1 for qw( color face size );
80							$ok_attributes{body}{$_} = 1 for qw( text bgcolor link alink vlink background );
81							$ok_attributes{font}{$_} = 1 for qw( color face size );
82							$ok_attributes{marquee}{$_} = 1 for qw( bgcolor background );
83							$ok_attributes{table}{$_} = 1 for qw( bgcolor style );
84							$ok_attributes{td}{$_} = 1 for qw( bgcolor style );
85							$ok_attributes{th}{$_} = 1 for qw( bgcolor style );
86							$ok_attributes{tr}{$_} = 1 for qw( bgcolor style );
87							$ok_attributes{span}{$_} = 1 for qw( style );
88							$ok_attributes{p}{$_} = 1 for qw( style );
89							$ok_attributes{div}{$_} = 1 for qw( style );
90							$ok_attributes{a}{$_} = 1 for qw( style );
91
92							sub new {
93	7			7	1	27	my ($class, $character_semantics_input, $character_semantics_output) = @_;
94	7					254	my $self = $class->SUPER::new(
95							api_version => 3,
96							handlers => [
97							start_document => ["html_start", "self"],
98							start => ["html_tag", "self,tagname,attr,'+1'"],
99							end_document => ["html_end", "self"],
100							end => ["html_tag", "self,tagname,attr,'-1'"],
101							text => ["html_text", "self,dtext"],
102							comment => ["html_comment", "self,text"],
103							declaration => ["html_declaration", "self,text"],
104							],
105							marked_sections => 1);
106	7					1023	$self->{SA_character_semantics_input} = $character_semantics_input;
107							$self->{SA_encode_results} =
108	7		33			45	$character_semantics_input && !$character_semantics_output;
109	7					26	$self;
110							}
111
112							sub html_start {
113	7			7	0	32	my ($self) = @_;
114
115							# trigger HTML_MESSAGE
116	7					41	$self->put_results(html => 1);
117
118							# initial display attributes
119	7					25	$self->{basefont} = 3;
120							my %default = (tag => "default",
121							fgcolor => "#000000",
122							bgcolor => "#ffffff",
123	7					62	size => $self->{basefont});
124	7					23	push @{ $self->{text_style} }, \%default;
	7					158
125							}
126
127							sub html_end {
128	7			7	0	33	my ($self) = @_;
129
130	7					45	delete $self->{text_style};
131
132	7					17	my @uri;
133
134							# add the canonicalized version of each uri to the detail list
135	7	50				31	if (defined $self->{uri}) {
136	7					15	@uri = keys %{$self->{uri}};
	7					65
137							}
138
139							# these keep backward compatibility, albeit a little wasteful
140	7					42	$self->put_results(uri => \@uri);
141	7					30	$self->put_results(anchor => $self->{anchor});
142
143	7					30	$self->put_results(uri_detail => $self->{uri});
144	7					36	$self->put_results(uri_truncated => $self->{uri_truncated});
145
146							# final results scalars
147	7					32	$self->put_results(image_area => $self->{image_area});
148	7					33	$self->put_results(length => $self->{length});
149	7					39	$self->put_results(min_size => $self->{min_size});
150	7					35	$self->put_results(max_size => $self->{max_size});
151	7	50				33	if (exists $self->{tags}) {
152							$self->put_results(closed_extra_ratio =>
153	7					36	($self->{closed_extra} / $self->{tags}));
154							}
155
156							# final result arrays
157	7					42	$self->put_results(comment => $self->{comment});
158	7					30	$self->put_results(script => $self->{script});
159	7					32	$self->put_results(title => $self->{title});
160
161							# final result hashes
162	7					30	$self->put_results(inside => $self->{inside});
163
164							# end-of-document result values that don't require looking at the text
165	7	50				41	if (exists $self->{backhair}) {
166	0					0	$self->put_results(backhair_count => scalar keys %{ $self->{backhair} });
	0					0
167							}
168	7	50	33			83	if (exists $self->{elements} && exists $self->{tags}) {
169							$self->put_results(bad_tag_ratio =>
170	7					39	($self->{tags} - $self->{elements}) / $self->{tags});
171							}
172	7	50	33			89	if (exists $self->{elements_seen} && exists $self->{tags_seen}) {
173							$self->put_results(non_element_ratio =>
174							($self->{tags_seen} - $self->{elements_seen}) /
175	7					45	$self->{tags_seen});
176							}
177	7	50	33			80	if (exists $self->{tags} && exists $self->{obfuscation}) {
178							$self->put_results(obfuscation_ratio =>
179	0					0	$self->{obfuscation} / $self->{tags});
180							}
181							}
182
183							sub put_results {
184	116			116	0	151	my $self = shift;
185	116					258	my %results = @_;
186
187	116					290	while (my ($k, $v) = each %results) {
188	116					456	$self->{results}{$k} = $v;
189							}
190							}
191
192							sub get_results {
193	7			7	0	21	my ($self) = @_;
194
195	7					24	return $self->{results};
196							}
197
198							sub get_rendered_text {
199	21			21	0	39	my $self = shift;
200	21					53	my %options = @_;
201
202	21	100				70	return join('', @{ $self->{text} }) unless %options;
	7					119
203
204	14					23	my $mask;
205	14					86	while (my ($k, $v) = each %options) {
206	14	50				70	next if !defined $self->{"text_$k"};
207	14	50				44	if (!defined $mask) {
208	14	100				111	$mask \|= $v ? $self->{"text_$k"} : ~ $self->{"text_$k"};
209							}
210							else {
211	0	0				0	$mask &= $v ? $self->{"text_$k"} : ~ $self->{"text_$k"};
212							}
213							}
214
215	14					43	my $text = '';
216	14					25	my $i = 0;
217	14	100				19	for (@{ $self->{text} }) { $text .= $_ if vec($mask, $i++, 1); }
	14					44
	1372					3124
218	14					63	return $text;
219							}
220
221							sub parse {
222	7			7	1	37	my ($self, $text) = @_;
223
224	7					33	$self->{image_area} = 0;
225	7					21	$self->{title_index} = -1;
226	7					25	$self->{max_size} = 3; # start at default size
227	7					18	$self->{min_size} = 3; # start at default size
228	7					32	$self->{closed_html} = 0;
229	7					34	$self->{closed_body} = 0;
230	7					17	$self->{closed_extra} = 0;
231	7					19	$self->{text} = []; # rendered text
232	7					41	$self->{length} += untaint_var(length($text));
233
234							# NOTE: We only need to fix the rendering when we verify that it
235							# differs from what people see in their MUA. Testing is best done with
236							# the most common MUAs and browsers, if you catch my drift.
237
238							# NOTE: HTML::Parser can cope with: <?xml pis>, <? with space>, so we
239							# don't need to fix them here.
240
241							# # (outdated claim) HTML::Parser converts   into a question mark ("?")
242							# # for some reason, so convert them to spaces. Confirmed in 3.31, at least.
243							# ... Actually it doesn't, it is correctly converted into Unicode NBSP,
244							# nevertheless it does not hurt to treat it as a space.
245	7					64	$text =~ s/ / /g;
246
247							# bug 4695: we want "<br/>" to be treated the same as "<br>", and
248							# the HTML::Parser API won't do it for us
249	7					208	$text =~ s/<(\w+)\s*\/>/<$1>/gi;
250
251	7	50				98	if (!$self->UNIVERSAL::can('utf8_mode')) {
252							# utf8_mode is cleared by default, only warn if it would need to be set
253							warn "message: cannot set utf8_mode, module HTML::Parser is too old\n"
254	0	0				0	if !$self->{SA_character_semantics_input};
255							} else {
256	7	50				68	$self->SUPER::utf8_mode($self->{SA_character_semantics_input} ? 0 : 1);
257	7					24	my $utf8_mode = $self->SUPER::utf8_mode;
258	7	50				38	dbg("message: HTML::Parser utf8_mode %s",
259							$utf8_mode ? "on (assumed UTF-8 octets)"
260							: "off (default, assumed Unicode characters)");
261							}
262
263	7					21	eval {
264							local $SIG{__WARN__} = sub {
265	0			0		0	my $err = $_[0];
266	0					0	$err =~ s/\s+/ /gs; $err =~ s/(.) at ./$1/s;
	0					0
267	0					0	info("message: HTML::Parser warning: $err");
268	7					81	};
269	7					92	$self->SUPER::parse($text);
270							};
271
272							# bug 7437: deal gracefully with HTML::Parser misbehavior on unclosed <style> and <script> tags
273							# (typically from not passing the entire message to spamc, but possibly a DoS attack)
274	7		66			56	$self->SUPER::parse("</style>") while exists $self->{inside}{style} && $self->{inside}{style} > 0;
275	7		33			41	$self->SUPER::parse("</script>") while exists $self->{inside}{script} && $self->{inside}{script} > 0;
276
277	7					97	$self->SUPER::eof;
278
279	7					33	return $self->{text};
280							}
281
282							sub html_tag {
283	824			824	0	1936	my ($self, $tag, $attr, $num) = @_;
284	824	50				1545	utf8::encode($tag) if $self->{SA_encode_results};
285
286	824					1343	my $maybe_namespace = ($tag =~ m@^(?:o\|st\d):[\w-]+/?$@);
287
288	824	50	33			2014	if (exists $elements{$tag} \|\| $maybe_namespace) {
289	824					1067	$self->{elements}++;
290	824	100				1751	$self->{elements_seen}++ if !exists $self->{inside}{$tag};
291							}
292	824					1135	$self->{tags}++;
293	824	100				1412	$self->{tags_seen}++ if !exists $self->{inside}{$tag};
294	824					1634	$self->{inside}{$tag} += $num;
295	824	100				1731	if ($self->{inside}{$tag} < 0) {
296	17					32	$self->{inside}{$tag} = 0;
297	17					33	$self->{closed_extra}++;
298							}
299
300	824	50				1423	return if $maybe_namespace;
301
302							# ignore non-elements
303	824	50	33			1980	if (exists $elements{$tag} \|\| exists $tricks{$tag}) {
304	824	100				2286	$self->text_style($tag, $attr, $num) if exists $elements_text_style{$tag};
305
306							# bug 5009: things like <p> and </p> both need dealing with
307	824	100				2225	$self->html_whitespace($tag) if exists $elements_whitespace{$tag};
308
309							# start tags
310	824	100				1799	if ($num == 1) {
311	464	100				1207	$self->html_uri($tag, $attr) if exists $elements_uri{$tag};
312	464					1149	$self->html_tests($tag, $attr, $num);
313							}
314							# end tags
315							else {
316	360	100				659	$self->{closed_html} = 1 if $tag eq "html";
317	360	100				2449	$self->{closed_body} = 1 if $tag eq "body";
318							}
319							}
320							}
321
322							sub html_whitespace {
323	202			202	0	348	my ($self, $tag) = @_;
324
325							# ordered by frequency of tag groups, note: whitespace is always "visible"
326	202	100	100			941	if ($tag eq "br" \|\| $tag eq "div") {
		100
		50
327	93					187	$self->display_text("\n", whitespace => 1);
328							}
329							elsif ($tag =~ /^(?:li\|t[hd]\|d[td]\|embed\|h\d)$/) {
330	15					28	$self->display_text(" ", whitespace => 1);
331							}
332							elsif ($tag =~ /^(?:p\|hr\|blockquote\|pre\|listing\|plaintext\|xmp\|title)$/) {
333	94					200	$self->display_text("\n\n", whitespace => 1);
334							}
335							}
336
337							# puts the uri onto the internal array
338							# note: uri may be blank (<a href=""></a> obfuscation, etc.)
339							sub push_uri {
340	131			131	0	287	my ($self, $type, $uri) = @_;
341
342	131					241	$uri = $self->canon_uri($uri);
343	131	50				287	utf8::encode($uri) if $self->{SA_encode_results};
344
345	131		50			520	my $target = target_uri($self->{base_href} \|\| "", $uri);
346
347							# skip things like <iframe src="" ...>
348	131	50				745	$self->{uri}->{$uri}->{types}->{$type} = 1 if $uri ne '';
349							}
350
351							sub canon_uri {
352	249			249	0	408	my ($self, $uri) = @_;
353
354							# URIs don't have leading/trailing whitespace ...
355	249					526	$uri =~ s/^\s+//;
356	249					470	$uri =~ s/\s+$//;
357
358							# Make sure all the URIs are nice and short
359	249	50				506	if (length $uri > MAX_URI_LENGTH) {
360	0					0	$self->{'uri_truncated'} = 1;
361	0					0	$uri = substr $uri, 0, MAX_URI_LENGTH;
362							}
363
364	249					550	return $uri;
365							}
366
367							sub html_uri {
368	149			149	0	339	my ($self, $tag, $attr) = @_;
369
370							# ordered by frequency of tag groups
371	149	100				725	if ($tag =~ /^(?:body\|table\|tr\|td)$/) {
		100
		50
		0
		0
372	24	100				63	if (defined $attr->{background}) {
373	6					14	$self->push_uri($tag, $attr->{background});
374							}
375							}
376							elsif ($tag =~ /^(?:a\|area\|link)$/) {
377	118	50				272	if (defined $attr->{href}) {
378	118					328	$self->push_uri($tag, $attr->{href});
379							}
380							}
381							elsif ($tag =~ /^(?:img\|frame\|iframe\|embed\|script\|bgsound)$/) {
382	7	50				16	if (defined $attr->{src}) {
383	7					14	$self->push_uri($tag, $attr->{src});
384							}
385							}
386							elsif ($tag eq "form") {
387	0	0				0	if (defined $attr->{action}) {
388	0					0	$self->push_uri($tag, $attr->{action});
389							}
390							}
391							elsif ($tag eq "base") {
392	0	0				0	if (my $uri = $attr->{href}) {
393	0					0	$uri = $self->canon_uri($uri);
394
395							# use <BASE HREF="URI"> to turn relative links into absolute links
396
397							# even if it is a base URI, handle like a normal URI as well
398	0					0	$self->push_uri($tag, $uri);
399
400							# a base URI will be ignored by browsers unless it is an absolute
401							# URI of a standard protocol
402	0	0				0	if ($uri =~ m@^(?:https?\|ftp):/{0,2}@i) {
403							# remove trailing filename, if any; base URIs can have the
404							# form of "http://foo.com/index.html"
405	0					0	$uri =~ s@^([a-z]+:/{0,2}[^/]+/.*?)[^/\.]+\.[^/\.]{2,4}$@$1@i;
406
407							# Make sure it ends in a slash
408	0	0				0	$uri .= "/" unless $uri =~ m@/$@;
409	0	0				0	utf8::encode($uri) if $self->{SA_encode_results};
410	0					0	$self->{base_href} = $uri;
411							}
412							}
413							}
414							}
415
416							# this might not be quite right, may need to pay attention to table nesting
417							sub close_table_tag {
418	15			15	0	21	my ($self, $tag) = @_;
419
420							# don't close if never opened
421	15	50				16	return unless grep { $_->{tag} eq $tag } @{ $self->{text_style} };
	66					116
	15					25
422
423	0					0	my $top;
424	0		0			0	while (@{ $self->{text_style} } && ($top = $self->{text_style}[-1]->{tag})) {
	0					0
425	0	0	0			0	if (($tag eq "td" && ($top eq "font" \|\| $top eq "td")) \|\|
			0
			0
			0
426							($tag eq "tr" && $top =~ /^(?:font\|td\|tr)$/))
427							{
428	0					0	pop @{ $self->{text_style} };
	0					0
429							}
430							else {
431	0					0	last;
432							}
433							}
434							}
435
436							sub close_tag {
437	292			292	0	456	my ($self, $tag) = @_;
438
439							# don't close if never opened
440	292	100				353	return if !grep { $_->{tag} eq $tag } @{ $self->{text_style} };
	1099					2156
	292					555
441
442							# close everything up to and including tag
443	277					413	while (my %current = %{ pop @{ $self->{text_style} } }) {
	288					318
	288					1519
444	288	100				1088	last if $current{tag} eq $tag;
445							}
446							}
447
448							sub text_style {
449	604			604	0	1110	my ($self, $tag, $attr, $num) = @_;
450
451							# treat <th> as <td>
452	604	50				1051	$tag = "td" if $tag eq "th";
453
454							# open
455	604	100				1049	if ($num == 1) {
456							# HTML browsers generally only use first <body> for colors,
457							# so only push if we haven't seen a body tag yet
458	304	100				543	if ($tag eq "body") {
459							# TODO: skip if we've already seen body
460							}
461
462							# change basefont (only change size)
463	304	0	33			517	if ($tag eq "basefont" &&
			0
464							exists $attr->{size} && $attr->{size} =~ /^\s*(\d+)/)
465							{
466	0					0	$self->{basefont} = $1;
467	0					0	return;
468							}
469
470							# close elements with optional end tags
471	304	100	100			964	$self->close_table_tag($tag) if ($tag eq "td" \|\| $tag eq "tr");
472
473							# copy current text state
474	304					398	my %new = %{ $self->{text_style}[-1] };
	304					1406
475
476							# change tag name!
477	304					585	$new{tag} = $tag;
478
479							# big and small tags
480	304	50				563	if ($tag eq "big") {
481	0					0	$new{size} += 1;
482	0					0	push @{ $self->{text_style} }, \%new;
	0					0
483	0					0	return;
484							}
485	304	50				565	if ($tag eq "small") {
486	0					0	$new{size} -= 1;
487	0					0	push @{ $self->{text_style} }, \%new;
	0					0
488	0					0	return;
489							}
490
491							# tag attributes
492	304					792	for my $name (keys %$attr) {
493	583	100				1222	next unless exists $ok_attributes{$tag}{$name};
494	244	100	66			879	if ($name eq "text" \|\| $name eq "color") {
		100
		100
		100
495							# two different names for text color
496	90					201	$new{fgcolor} = name_to_rgb($attr->{$name});
497							}
498							elsif ($name eq "size") {
499	105	50				474	if ($attr->{size} =~ /^\s*([+-]\d+)/) {
		50
500							# relative font size
501	0					0	$new{size} = $self->{basefont} + $1;
502							}
503							elsif ($attr->{size} =~ /^\s*(\d+)/) {
504							# absolute font size
505	105					284	$new{size} = $1;
506							}
507							}
508							elsif ($name eq 'style') {
509	8					15	$new{style} = $attr->{style};
510	8					20	my @parts = split(/;/, $new{style});
511	8					11	foreach (@parts) {
512	8	50				45	if (/^\s(background-)?color:\s(.+)\s*$/i) {
		50
513	0	0				0	my $whcolor = $1 ? 'bgcolor' : 'fgcolor';
514	0					0	my $value = lc $2;
515
516	0	0				0	if ($value =~ /rgb/) {
517	0					0	$value =~ tr/0-9,//cd;
518	0					0	my @rgb = split(/,/, $value);
519							$new{$whcolor} = sprintf("#%02x%02x%02x",
520	0	0				0	map { !$_ ? 0 : $_ > 255 ? 255 : $_ }
	0	0				0
521							@rgb[0..2]);
522							}
523							else {
524	0					0	$new{$whcolor} = name_to_rgb($value);
525							}
526							}
527							elsif (/^\s([a-z_-]+)\s:\s(\S.?)\s*$/i) {
528							# "display: none", "visibility: hidden", etc.
529	0					0	$new{'style_'.$1} = $2;
530							}
531							}
532							}
533							elsif ($name eq "bgcolor") {
534							# overwrite with hex value, $new{bgcolor} is set below
535	6					12	$attr->{bgcolor} = name_to_rgb($attr->{bgcolor});
536							}
537							else {
538							# attribute is probably okay
539	35					61	$new{$name} = $attr->{$name};
540							}
541
542	244	100				732	if ($new{size} > $self->{max_size}) {
		50
543	15					38	$self->{max_size} = $new{size};
544							}
545							elsif ($new{size} < $self->{min_size}) {
546	0					0	$self->{min_size} = $new{size};
547							}
548							}
549	304					407	push @{ $self->{text_style} }, \%new;
	304					910
550							}
551							# explicitly close a tag
552							else {
553	300	100				539	if ($tag ne "body") {
554							# don't close body since browsers seem to render text after </body>
555	292					543	$self->close_tag($tag);
556							}
557							}
558							}
559
560							sub html_font_invisible {
561	215			215	0	382	my ($self, $text) = @_;
562
563	215					390	my $fg = $self->{text_style}[-1]->{fgcolor};
564	215					304	my $bg = $self->{text_style}[-1]->{bgcolor};
565	215					303	my $size = $self->{text_style}[-1]->{size};
566	215					337	my $display = $self->{text_style}[-1]->{style_display};
567	215					273	my $visibility = $self->{text_style}[-1]->{style_visibility};
568
569							# invisibility
570	215	50				1122	if (substr($fg,-6) eq substr($bg,-6)) {
		50
571	0					0	$self->put_results(font_low_contrast => 1);
572	0					0	return 1;
573							# near-invisibility
574							} elsif ($fg =~ /^\#?([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})$/) {
575	215					782	my ($r1, $g1, $b1) = (hex($1), hex($2), hex($3));
576
577	215	50				620	if ($bg =~ /^\#?([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})$/) {
578	215					539	my ($r2, $g2, $b2) = (hex($1), hex($2), hex($3));
579
580	215					325	my $r = ($r1 - $r2);
581	215					324	my $g = ($g1 - $g2);
582	215					270	my $b = ($b1 - $b2);
583
584							# geometric distance weighted by brightness
585							# maximum distance is 191.151823601032
586	215					820	my $distance = ((0.2126$r)2 + (0.7152$g)*2 + (0.0722$b)2)0.5;
587
588							# the text is very difficult to read if the distance is under 12,
589							# a limit of 14 to 16 might be okay if the usage significantly
590							# increases (near-invisible text is at about 0.95% of spam and
591							# 1.25% of HTML spam right now), but please test any changes first
592	215	50				554	if ($distance < 12) {
593	0					0	$self->put_results(font_low_contrast => 1);
594	0					0	return 1;
595							}
596							}
597							}
598
599
600							# invalid color
601	215	50	33			761	if ($fg eq 'invalid' or $bg eq 'invalid') {
602	0					0	$self->put_results(font_invalid_color => 1);
603	0					0	return 1;
604							}
605
606							# size too small
607	215	50				387	if ($size <= 1) {
608	0					0	return 1;
609							}
610
611							# <span style="display: none">
612	215	50	33			392	if ($display && lc $display eq 'none') {
613	0					0	return 1;
614							}
615
616	215	50	33			410	if ($visibility && lc $visibility eq 'hidden') {
617	0					0	return 1;
618							}
619
620	215					484	return 0;
621							}
622
623							sub html_tests {
624	464			464	0	852	my ($self, $tag, $attr, $num) = @_;
625
626	464	100	100			1111	if ($tag eq "font" && exists $attr->{face}) {
627							# Fixes from Bug 5956, 7312
628							# Examples seen in ham:
629							# "Tahoma", Verdana, Arial, sans-serif
630							# 'Montserrat', sans-serif
631							# Arial,Helvetica,Sans-Serif;
632							# .SFUIDisplay
633							# hirakakupro-w3
634							# TODO: There's still the problem completely foreign unicode strings,
635							# probably this rule should be deprecated.
636	34	100				229	if ($attr->{face} !~ /^\s["'.]?[a-z ][a-z -][a-z]\d?["']?(?:,\s["']?[a-z][a-z -][a-z]\d?["']?)*;?$/i) {
637	4					8	$self->put_results(font_face_bad => 1);
638							}
639							}
640	464	100	100			953	if ($tag eq "img" && exists $self->{inside}{a} && $self->{inside}{a} > 0) {
			100
641	1					3	my $uri = $self->{anchor_last};
642	1	50				3	utf8::encode($uri) if $self->{SA_encode_results};
643	1					4	$self->{uri}->{$uri}->{anchor_text}->[-1] .= "<img>\n";
644	1					2	$self->{anchor}->[-1] .= "<img>\n";
645							}
646
647	464	50	66			874	if ($tag eq "img" && exists $attr->{width} && exists $attr->{height}) {
			33
648	7					8	my $width = 0;
649	7					7	my $height = 0;
650	7					7	my $area = 0;
651
652							# assume 800x600 screen for percentage values
653	7	50				27	if ($attr->{width} =~ /^(\d+)(\%)?$/) {
654	0					0	$width = $1;
655	0	0	0			0	$width *= 8 if (defined $2 && $2 eq "%");
656							}
657	7	50				22	if ($attr->{height} =~ /^(\d+)(\%)?$/) {
658	0					0	$height = $1;
659	0	0	0			0	$height *= 6 if (defined $2 && $2 eq "%");
660							}
661							# guess size
662	7	50				18	$width = 200 if $width <= 0;
663	7	50				12	$height = 200 if $height <= 0;
664	7	50	33			20	if ($width > 0 && $height > 0) {
665	7					9	$area = $width * $height;
666	7					15	$self->{image_area} += $area;
667							}
668							}
669	464	0	33			852	if ($tag eq "form" && exists $attr->{action}) {
670	0	0				0	$self->put_results(form_action_mailto => 1) if $attr->{action} =~ /mailto:/i
671							}
672	464	50	33			1562	if ($tag eq "object" \|\| $tag eq "embed") {
673	0					0	$self->put_results(embeds => 1);
674							}
675
676							# special text delimiters - <a> and <title>
677	464	100				968	if ($tag eq "a") {
678							my $uri = $self->{anchor_last} =
679	118	50				339	(exists $attr->{href} ? $self->canon_uri($attr->{href}) : "");
680	118	50				236	utf8::encode($uri) if $self->{SA_encode_results};
681	118					144	push(@{$self->{uri}->{$uri}->{anchor_text}}, '');
	118					363
682	118					175	push(@{$self->{anchor}}, '');
	118					275
683							}
684	464	100				877	if ($tag eq "title") {
685	1					2	$self->{title_index}++;
686	1					9	$self->{title}->[$self->{title_index}] = "";
687							}
688
689	464	100	66			4130	if ($tag eq "meta" &&
			33
			66
			66
690							exists $attr->{'http-equiv'} &&
691							exists $attr->{content} &&
692							$attr->{'http-equiv'} =~ /Content-Type/i &&
693							$attr->{content} =~ /\bcharset\s=\s["']?([^"']+)/i)
694							{
695	1	50				16	$self->{charsets} .= exists $self->{charsets} ? " $1" : $1;
696							}
697							}
698
699							sub display_text {
700	686			686	0	835	my $self = shift;
701	686					891	my $text = shift;
702	686					1172	my %display = @_;
703
704							# Unless it's specified to be invisible, then it's not invisible. ;)
705	686	50				1244	if (!exists $display{invisible}) {
706	686					979	$display{invisible} = 0;
707							}
708
709	686	100				1085	if ($display{whitespace}) {
710							# trim trailing whitespace from previous element if it was not whitespace
711							# and it was not invisible
712	202	100	100			236	if (@{ $self->{text} } &&
	202		66			676
			33
			66
713							(!defined $self->{text_whitespace} \|\|
714							!vec($self->{text_whitespace}, $#{$self->{text}}, 1)) &&
715							(!defined $self->{text_invisible} \|\|
716							!vec($self->{text_invisible}, $#{$self->{text}}, 1)))
717							{
718	185					454	$self->{text}->[-1] =~ s/ $//;
719							}
720							}
721							else {
722							# NBSP: UTF-8: C2 A0, ISO-8859-*: A0
723	484					2325	$text =~ s/[ \t\n\r\f\x0b]+\|\xc2\xa0/ /gs;
724							# trim leading whitespace if previous element was whitespace
725							# and current element is not invisible
726	484	100	66			682	if (@{ $self->{text} } && !$display{invisible} &&
	484		100			2400
			100
727							defined $self->{text_whitespace} &&
728	293					873	vec($self->{text_whitespace}, $#{$self->{text}}, 1))
729							{
730	185					468	$text =~ s/^ //;
731							}
732							}
733	686					993	push @{ $self->{text} }, $text;
	686					1421
734	686					1960	while (my ($k, $v) = each %display) {
735	888					1431	my $textvar = "text_".$k;
736	888	100				1616	if (!exists $self->{$textvar}) { $self->{$textvar} = ''; }
	13					46
737	888					1102	vec($self->{$textvar}, $#{$self->{text}}, 1) = $v;
	888					6828
738							}
739							}
740
741							sub html_text {
742	485			485	0	1035	my ($self, $text) = @_;
743	485	50				938	utf8::encode($text) if $self->{SA_encode_results};
744
745							# text that is not part of body
746	485	50	33			972	if (exists $self->{inside}{script} && $self->{inside}{script} > 0)
747							{
748	0					0	push @{ $self->{script} }, $text;
	0					0
749	0					0	return;
750							}
751	485	100	100			1001	if (exists $self->{inside}{style} && $self->{inside}{style} > 0) {
752	1					5	return;
753							}
754
755							# text that is part of body and also stored separately
756	484	100	100			1513	if (exists $self->{inside}{a} && $self->{inside}{a} > 0) {
757							# this doesn't worry about nested anchors
758	117					189	my $uri = $self->{anchor_last};
759	117	50				204	utf8::encode($uri) if $self->{SA_encode_results};
760	117					263	$self->{uri}->{$uri}->{anchor_text}->[-1] .= $text;
761	117					229	$self->{anchor}->[-1] .= $text;
762							}
763	484	100	100			1022	if (exists $self->{inside}{title} && $self->{inside}{title} > 0) {
764	1					3	$self->{title}->[$self->{title_index}] .= $text;
765							}
766
767	484					584	my $invisible_for_bayes = 0;
768
769							# NBSP: UTF-8: C2 A0, ISO-8859-*: A0
770							# Bug 7374 - regex recursion limit exceeded
771							#if ($text !~ /^(?:[ \t\n\r\f\x0b]\|\xc2\xa0)*\z/s) {
772							# .. alternative way, remove from string and see if there's anything left
773	484	100				531	if (do {(my $tmp = $text) =~ s/(?:[ \t\n\r\f\x0b]\|\xc2\xa0)//gs; length($tmp)}) {
	484					2546
	484					1231
774	215					488	$invisible_for_bayes = $self->html_font_invisible($text);
775							}
776
777	484	100				1037	if (exists $self->{text}->[-1]) {
778							# ideas discarded since they would be easy to evade:
779							# 1. using \w or [A-Za-z] instead of \S or non-punctuation
780							# 2. exempting certain tags
781							# no re "strict"; # since perl 5.21.8: Ranges of ASCII printables...
782	477	50	66			1802	if ($text =~ /^[^\s\x21-\x2f\x3a-\x40\x5b-\x60\x7b-\x7e]/s &&
783							$self->{text}->[-1] =~ /[^\s\x21-\x2f\x3a-\x40\x5b-\x60\x7b-\x7e]\z/s)
784							{
785	0					0	$self->{obfuscation}++;
786							}
787	477	100				1461	if ($self->{text}->[-1] =~
788							/\b([^\s\x21-\x2f\x3a-\x40\x5b-\x60\x7b-\x7e]{1,7})\z/s)
789							{
790	107					249	my $start = length($1);
791	107	50				356	if ($text =~ /^([^\s\x21-\x2f\x3a-\x40\x5b-\x60\x7b-\x7e]{1,7})\b/s) {
792	0					0	$self->{backhair}->{$start . "_" . length($1)}++;
793							}
794							}
795							}
796
797	484	50				869	if ($invisible_for_bayes) {
798	0					0	$self->display_text($text, invisible => 1);
799							}
800							else {
801	484					963	$self->display_text($text);
802							}
803							}
804
805							# note: $text includes <!-- and -->
806							sub html_comment {
807	1			1	0	4	my ($self, $text) = @_;
808	1	50				4	utf8::encode($text) if $self->{SA_encode_results};
809
810	1					2	push @{ $self->{comment} }, $text;
	1					6
811							}
812
813							sub html_declaration {
814	0			0	0	0	my ($self, $text) = @_;
815	0	0				0	utf8::encode($text) if $self->{SA_encode_results};
816
817	0	0				0	if ($text =~ /^<!doctype/i) {
818	0					0	my $tag = "!doctype";
819	0					0	$self->{elements}++;
820	0					0	$self->{tags}++;
821	0					0	$self->{inside}{$tag} = 0;
822							}
823							}
824
825							###########################################################################
826
827							my %html_color = (
828							# HTML 4 defined 16 colors
829							aqua => 0x00ffff,
830							black => 0x000000,
831							blue => 0x0000ff,
832							fuchsia => 0xff00ff,
833							gray => 0x808080,
834							green => 0x008000,
835							lime => 0x00ff00,
836							maroon => 0x800000,
837							navy => 0x000080,
838							olive => 0x808000,
839							purple => 0x800080,
840							red => 0xff0000,
841							silver => 0xc0c0c0,
842							teal => 0x008080,
843							white => 0xffffff,
844							yellow => 0xffff00,
845							# colors specified in CSS3 color module
846							aliceblue => 0xf0f8ff,
847							antiquewhite => 0xfaebd7,
848							aqua => 0x00ffff,
849							aquamarine => 0x7fffd4,
850							azure => 0xf0ffff,
851							beige => 0xf5f5dc,
852							bisque => 0xffe4c4,
853							black => 0x000000,
854							blanchedalmond => 0xffebcd,
855							blue => 0x0000ff,
856							blueviolet => 0x8a2be2,
857							brown => 0xa52a2a,
858							burlywood => 0xdeb887,
859							cadetblue => 0x5f9ea0,
860							chartreuse => 0x7fff00,
861							chocolate => 0xd2691e,
862							coral => 0xff7f50,
863							cornflowerblue => 0x6495ed,
864							cornsilk => 0xfff8dc,
865							crimson => 0xdc143c,
866							cyan => 0x00ffff,
867							darkblue => 0x00008b,
868							darkcyan => 0x008b8b,
869							darkgoldenrod => 0xb8860b,
870							darkgray => 0xa9a9a9,
871							darkgreen => 0x006400,
872							darkgrey => 0xa9a9a9,
873							darkkhaki => 0xbdb76b,
874							darkmagenta => 0x8b008b,
875							darkolivegreen => 0x556b2f,
876							darkorange => 0xff8c00,
877							darkorchid => 0x9932cc,
878							darkred => 0x8b0000,
879							darksalmon => 0xe9967a,
880							darkseagreen => 0x8fbc8f,
881							darkslateblue => 0x483d8b,
882							darkslategray => 0x2f4f4f,
883							darkslategrey => 0x2f4f4f,
884							darkturquoise => 0x00ced1,
885							darkviolet => 0x9400d3,
886							deeppink => 0xff1493,
887							deepskyblue => 0x00bfff,
888							dimgray => 0x696969,
889							dimgrey => 0x696969,
890							dodgerblue => 0x1e90ff,
891							firebrick => 0xb22222,
892							floralwhite => 0xfffaf0,
893							forestgreen => 0x228b22,
894							fuchsia => 0xff00ff,
895							gainsboro => 0xdcdcdc,
896							ghostwhite => 0xf8f8ff,
897							gold => 0xffd700,
898							goldenrod => 0xdaa520,
899							gray => 0x808080,
900							green => 0x008000,
901							greenyellow => 0xadff2f,
902							grey => 0x808080,
903							honeydew => 0xf0fff0,
904							hotpink => 0xff69b4,
905							indianred => 0xcd5c5c,
906							indigo => 0x4b0082,
907							ivory => 0xfffff0,
908							khaki => 0xf0e68c,
909							lavender => 0xe6e6fa,
910							lavenderblush => 0xfff0f5,
911							lawngreen => 0x7cfc00,
912							lemonchiffon => 0xfffacd,
913							lightblue => 0xadd8e6,
914							lightcoral => 0xf08080,
915							lightcyan => 0xe0ffff,
916							lightgoldenrodyellow => 0xfafad2,
917							lightgray => 0xd3d3d3,
918							lightgreen => 0x90ee90,
919							lightgrey => 0xd3d3d3,
920							lightpink => 0xffb6c1,
921							lightsalmon => 0xffa07a,
922							lightseagreen => 0x20b2aa,
923							lightskyblue => 0x87cefa,
924							lightslategray => 0x778899,
925							lightslategrey => 0x778899,
926							lightsteelblue => 0xb0c4de,
927							lightyellow => 0xffffe0,
928							lime => 0x00ff00,
929							limegreen => 0x32cd32,
930							linen => 0xfaf0e6,
931							magenta => 0xff00ff,
932							maroon => 0x800000,
933							mediumaquamarine => 0x66cdaa,
934							mediumblue => 0x0000cd,
935							mediumorchid => 0xba55d3,
936							mediumpurple => 0x9370db,
937							mediumseagreen => 0x3cb371,
938							mediumslateblue => 0x7b68ee,
939							mediumspringgreen => 0x00fa9a,
940							mediumturquoise => 0x48d1cc,
941							mediumvioletred => 0xc71585,
942							midnightblue => 0x191970,
943							mintcream => 0xf5fffa,
944							mistyrose => 0xffe4e1,
945							moccasin => 0xffe4b5,
946							navajowhite => 0xffdead,
947							navy => 0x000080,
948							oldlace => 0xfdf5e6,
949							olive => 0x808000,
950							olivedrab => 0x6b8e23,
951							orange => 0xffa500,
952							orangered => 0xff4500,
953							orchid => 0xda70d6,
954							palegoldenrod => 0xeee8aa,
955							palegreen => 0x98fb98,
956							paleturquoise => 0xafeeee,
957							palevioletred => 0xdb7093,
958							papayawhip => 0xffefd5,
959							peachpuff => 0xffdab9,
960							peru => 0xcd853f,
961							pink => 0xffc0cb,
962							plum => 0xdda0dd,
963							powderblue => 0xb0e0e6,
964							purple => 0x800080,
965							red => 0xff0000,
966							rosybrown => 0xbc8f8f,
967							royalblue => 0x4169e1,
968							saddlebrown => 0x8b4513,
969							salmon => 0xfa8072,
970							sandybrown => 0xf4a460,
971							seagreen => 0x2e8b57,
972							seashell => 0xfff5ee,
973							sienna => 0xa0522d,
974							silver => 0xc0c0c0,
975							skyblue => 0x87ceeb,
976							slateblue => 0x6a5acd,
977							slategray => 0x708090,
978							slategrey => 0x708090,
979							snow => 0xfffafa,
980							springgreen => 0x00ff7f,
981							steelblue => 0x4682b4,
982							tan => 0xd2b48c,
983							teal => 0x008080,
984							thistle => 0xd8bfd8,
985							tomato => 0xff6347,
986							turquoise => 0x40e0d0,
987							violet => 0xee82ee,
988							wheat => 0xf5deb3,
989							white => 0xffffff,
990							whitesmoke => 0xf5f5f5,
991							yellow => 0xffff00,
992							yellowgreen => 0x9acd32,
993							);
994
995							sub name_to_rgb_old {
996	0			0	0	0	my $color = lc $_[0];
997
998							# note: Mozilla strips leading and trailing whitespace at this point,
999							# but IE does not
1000
1001							# named colors
1002	0					0	my $hex = $html_color{$color};
1003	0	0				0	if (defined $hex) {
1004	0					0	return sprintf("#%06x", $hex);
1005							}
1006
1007							# Flex Hex: John Graham-Cumming, http://www.jgc.org/pdf/lisa2004.pdf
1008							# strip optional # character
1009	0					0	$color =~ s/^#//;
1010							# pad right-hand-side to a multiple of three
1011	0	0				0	$color .= "0" x (3 - (length($color) % 3)) if (length($color) % 3);
1012							# split into triplets
1013	0					0	my $length = length($color) / 3;
1014	0					0	my @colors = ($color =~ /(.{$length})(.{$length})(.{$length})/);
1015							# truncate each color to a DWORD, take MSB, left pad nibbles
1016	0					0	foreach (@colors) { s/.(.{8})$/$1/; s/(..)./$1/; s/^(.)$/0$1/ };
	0					0
	0					0
	0					0
1017							# the color
1018	0					0	$color = join("", @colors);
1019							# replace non-hex characters with 0
1020	0					0	$color =~ tr/0-9a-f/0/c;
1021
1022	0					0	return "#" . $color;
1023							}
1024
1025							sub name_to_rgb {
1026	124			124	0	8369	my $color = lc $_[0];
1027	124					179	my $before = $color;
1028
1029							# strip leading and ending whitespace
1030	124					465	$color =~ s/^\s*//;
1031	124					525	$color =~ s/\s*$//;
1032
1033							# named colors
1034	124					249	my $hex = $html_color{$color};
1035	124	100				252	if (defined $hex) {
1036	4					21	return sprintf("#%06x", $hex);
1037							}
1038
1039							# IF NOT A NAME, IT SHOULD BE A HEX COLOR, HEX SHORTHAND or rgb values
1040	120	100				338	if ($color =~ m/^[#a-f0-9]$\|rgb$[\d%, ]$/i) {
1041
1042							#Convert the RGB values to hex values so we can fall through on the programming
1043
1044							#RGB PERCENTS TO HEX
1045	105	100				197	if ($color =~ m/rgb$(\d+)%,\s(\d+)%,\s(\d+)%\s*$/i) {
1046	2					16	$color = "#".dec2hex(int($1/100255)).dec2hex(int($2/100255)).dec2hex(int($3/100*255));
1047							}
1048
1049							#RGB DEC TO HEX
1050	105	100				199	if ($color =~ m/rgb$(\d+),\s(\d+),\s(\d+)\s*$/i) {
1051	2					7	$color = "#".dec2hex($1).dec2hex($2).dec2hex($3);
1052							}
1053
1054							#PARSE THE HEX
1055	105	100				270	if ($color =~ m/^#/) {
1056							# strip to hex only
1057	99					332	$color =~ s/[^a-f0-9]//ig;
1058
1059							# strip to 6 if greater than 6
1060	99	100				244	if (length($color) > 6) {
1061	1					4	$color=substr($color,0,6);
1062							}
1063
1064							# strip to 3 if length < 6)
1065	99	50	66			341	if (length($color) > 3 && length($color) < 6) {
1066	0					0	$color=substr($color,0,3);
1067							}
1068
1069							# pad right-hand-side to a multiple of three
1070	99	100				237	$color .= "0" x (3 - (length($color) % 3)) if (length($color) % 3);
1071
1072							#DUPLICATE SHORTHAND HEX
1073	99	100				211	if (length($color) == 3) {
1074	3					9	$color =~ m/(.)(.)(.)/;
1075	3					16	$color = "$1$1$2$2$3$3";
1076							}
1077
1078							} else {
1079	6					18	return "invalid";
1080							}
1081
1082							} else {
1083							#INVALID
1084
1085							#??RETURN BLACK SINCE WE DO NOT KNOW HOW THE MUA / BROWSER WILL PARSE
1086							#$color = "000000";
1087
1088	15					39	return "invalid";
1089							}
1090
1091							#print "DEBUG: before/after name_to_rgb new version: $before/$color\n";
1092
1093	99					260	return "#" . $color;
1094							}
1095
1096							sub dec2hex {
1097	12			12	0	21	my ($dec) = @_;
1098	12					36	my ($pre) = '';
1099
1100	12	50				24	if ($dec < 16) {
1101	0					0	$pre = '0';
1102							}
1103
1104	12					52	return sprintf("$pre%lx", $dec);
1105							}
1106
1107
1108	40			40		415	use constant URI_STRICT => 0;
	40					86
	40					39538
1109
1110							# resolving relative URIs as defined in RFC 2396 (steps from section 5.2)
1111							# using draft http://www.gbiv.com/protocols/uri/rev-2002/rfc2396bis.html
1112							sub _parse_uri {
1113	346			346		532	my ($u) = @_;
1114	346					418	my %u;
1115	346					2023	($u{scheme}, $u{authority}, $u{path}, $u{query}, $u{fragment}) =
1116							$u =~ m\|^(?:([^:/?#]+):)?(?://([^/?#]))?([^?#])(?:\?([^#]))?(?:#(.))?\|;
1117	346					1700	return %u;
1118							}
1119
1120							sub _remove_dot_segments {
1121	170			170		294	my ($input) = @_;
1122	170					245	my $output = "";
1123
1124	170					309	$input =~ s@^(?:\.\.?/)@/@;
1125
1126	170					342	while ($input) {
1127	298	100				1331	if ($input =~ s@^/\.(?:$\|/)@/@) {
		100
		50
1128							}
1129							elsif ($input =~ s@^/\.\.(?:$\|/)@/@) {
1130	20					82	$output =~ s@/?[^/]*$@@;
1131							}
1132							elsif ($input =~ s@(/?[^/]*)@@) {
1133	269					877	$output .= $1;
1134							}
1135							}
1136	170					401	return $output;
1137							}
1138
1139							sub _merge_uri {
1140	92			92		179	my ($base_authority, $base_path, $r_path) = @_;
1141
1142	92	50	66			303	if (defined $base_authority && !$base_path) {
1143	0					0	return "/" . $r_path;
1144							}
1145							else {
1146	92	100				575	if ($base_path =~ m\|/\|) {
1147	34					172	$base_path =~ s\|(?<=/)[^/]*$\|\|;
1148							}
1149							else {
1150	58					88	$base_path = "";
1151							}
1152	92					308	return $base_path . $r_path;
1153							}
1154							}
1155
1156							sub target_uri {
1157	173			173	0	18334	my ($base, $r) = @_;
1158
1159	173					363	my %r = _parse_uri($r); # parsed relative URI
1160	173					346	my %base = _parse_uri($base); # parsed base URI
1161	173					289	my %t; # generated temporary URI
1162
1163	173	100	100			586	if ((not URI_STRICT) and
			100
1164							(defined $r{scheme} && defined $base{scheme}) and
1165							($r{scheme} eq $base{scheme}))
1166							{
1167	1					6	undef $r{scheme};
1168							}
1169
1170	173	100				375	if (defined $r{scheme}) {
1171	74					125	$t{scheme} = $r{scheme};
1172	74					125	$t{authority} = $r{authority};
1173	74					142	$t{path} = _remove_dot_segments($r{path});
1174	74					152	$t{query} = $r{query};
1175							}
1176							else {
1177	99	100				187	if (defined $r{authority}) {
1178	1					11	$t{authority} = $r{authority};
1179	1					6	$t{path} = _remove_dot_segments($r{path});
1180	1					3	$t{query} = $r{query};
1181							}
1182							else {
1183	98	100				188	if ($r{path} eq "") {
1184	3					7	$t{path} = $base{path};
1185	3	100				8	if (defined $r{query}) {
1186	1					4	$t{query} = $r{query};
1187							}
1188							else {
1189	2					6	$t{query} = $base{query};
1190							}
1191							}
1192							else {
1193	95	100				200	if ($r{path} =~ m\|^/\|) {
1194	3					11	$t{path} = _remove_dot_segments($r{path});
1195							}
1196							else {
1197	92					188	$t{path} = _merge_uri($base{authority}, $base{path}, $r{path});
1198	92					184	$t{path} = _remove_dot_segments($t{path});
1199							}
1200	95					161	$t{query} = $r{query};
1201							}
1202	98					199	$t{authority} = $base{authority};
1203							}
1204	99					165	$t{scheme} = $base{scheme};
1205							}
1206	173					251	$t{fragment} = $r{fragment};
1207
1208							# recompose URI
1209	173					226	my $result = "";
1210	173	100				336	if ($t{scheme}) {
		50
1211	115					226	$result .= $t{scheme} . ":";
1212							}
1213							elsif (defined $t{authority}) {
1214							# this block is not part of the RFC
1215							# TODO: figure out what MUAs actually do with unschemed URIs
1216							# maybe look at URI::Heuristic
1217	0	0				0	if ($t{authority} =~ /^www\d*\./i) {
		0
1218							# some spammers are using unschemed URIs to escape filters
1219	0					0	$result .= "http:";
1220							}
1221							elsif ($t{authority} =~ /^ftp\d*\./i) {
1222	0					0	$result .= "ftp:";
1223							}
1224							}
1225	173	100				344	if ($t{authority}) {
1226	106					203	$result .= "//" . $t{authority};
1227							}
1228	173					264	$result .= $t{path};
1229	173	100				371	if (defined $t{query}) {
1230	12					32	$result .= "?" . $t{query};
1231							}
1232	173	100				283	if (defined $t{fragment}) {
1233	6					12	$result .= "#" . $t{fragment};
1234							}
1235	173					631	return $result;
1236							}
1237
1238							1;
1239							__END__