From 51a4da320414cae5bfe876966715dab8c895dd68 Mon Sep 17 00:00:00 2001
From: Hadi Nategh <hn@stylite.de>
Date: Thu, 3 Dec 2015 11:07:03 +0000
Subject: [PATCH] Escape html entities for mailto URI otherwise server wont let
 them pass through as it may get mistaken for html tag - Fix addressbook email
 action does not work for some emails, eg. Mathias <Mathias@example.com>

---
 phpgwapi/js/jsapi/egw_open.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/phpgwapi/js/jsapi/egw_open.js b/phpgwapi/js/jsapi/egw_open.js
index 19fc4a6007..04a6b1b233 100644
--- a/phpgwapi/js/jsapi/egw_open.js
+++ b/phpgwapi/js/jsapi/egw_open.js
@@ -58,6 +58,13 @@ egw.extend('open', egw.MODULE_WND_LOCAL, function(_egw, _wnd)
 		var popup; 
 		// Get open compose windows
 		var compose = egw.getOpenWindows("mail", /(^compose_)||(^mail.compose)/);
+		
+		// Encode html entities in the URI, otheerwise server XSS protection wont
+		// allow it to pass, because it may get mistaken for some forbiden tags,
+		// e.g., "Mathias <mathias@example.com>" the first part of email "<mathias"
+		// including "<" would get mistaken for <math> tag, and server will cut it off.
+		uri = uri.replace(/</g,'&lt;').replace(/>/g,'&gt;');
+		
 		if(compose.length == 0)
 		{
 			// No compose windows, might be no mail app.js