From bb57fc352231f2f3f311f5cf858a2bf8bb3f307a Mon Sep 17 00:00:00 2001
From: Joe Haines
Date: Tue, 23 Jan 2024 12:56:08 +0000
Subject: [PATCH 1/4] Handle mailto links in Cleaner#clean_url
---
 lib/bugsnag/cleaner.rb | 44 ++++++++++++++++++++++++++++++------------
 spec/cleaner_spec.rb | 24 +++++++++++++++++++++++
 2 files changed, 56 insertions(+), 12 deletions(-)
diff --git a/lib/bugsnag/cleaner.rb b/lib/bugsnag/cleaner.rb
index 600ba8e1..238e04bd 100644
--- a/lib/bugsnag/cleaner.rb
+++ b/lib/bugsnag/cleaner.rb
@@ -36,19 +36,11 @@ def clean_url(url)
 return "#{pre_query_string}?#{FILTERED}"
 end
- return url unless uri.query
-
- query_params = uri.query.split('&').map { |pair| pair.split('=') }
- query_params.map! do |key, val|
- if filters_match?(key)
- "#{key}=#{FILTERED}"
- else
- "#{key}=#{val}"
- end
+ if uri.is_a?(URI::MailTo)
+ clean_mailto_url(url, uri)
+ else
+ clean_generic_url(url, uri)
 end
-
- uri.query = query_params.join('&')
- uri.to_s
 end
 ##
@@ -209,5 +201,33 @@ def scope_should_be_filtered?(scope)
 scope.start_with?("#{scope_to_filter}.")
 end
 end
+
+ def clean_generic_url(original_url, uri)
+ return original_url unless uri.query
+
+ query_params = uri.query.split('&').map { |pair| pair.split('=') }
+
+ uri.query = filter_uri_parameter_array(query_params).join('&')
+ uri.to_s
+ end
+
+ def clean_mailto_url(original_url, uri)
+ return original_url unless uri.headers
+
+ # headers in mailto links can't contain square brackets so we replace
+ # filtered parameters with 'FILTERED' instead of '[FILTERED]'
+ uri.headers = filter_uri_parameter_array(uri.headers, 'FILTERED').join('&')
+ uri.to_s
+ end
+
+ def filter_uri_parameter_array(parameters, replacement = FILTERED)
+ parameters.map do |key, value|
+ if filters_match?(key)
+ "#{key}=#{replacement}"
+ else
+ "#{key}=#{value}"
+ end
+ end
+ end
 end
 end
diff --git a/spec/cleaner_spec.rb b/spec/cleaner_spec.rb
index f6908dbe..417ff7b5 100644
--- a/spec/cleaner_spec.rb
+++ b/spec/cleaner_spec.rb
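Review bot: The `else` branch in the first `lib/bugsnag/cleaner.rb` hunk sends every non-mailto URI to `clean_generic_url`, which returns the URL unchanged whenever `uri.query` is nil. mailto presumably needed its own branch because its `?name=value` part is not exposed as `uri.query`; if the parser handles other schemes written without `//` (for example `tel:` or an app-specific scheme) the same way, their parameters would still skip the filters. A spec for one such URL would settle it, and if it does come back unfiltered, the `url.split('?', 2)` fallback already used for invalid URIs is the conservative default. `clean_url` starts above this hunk.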
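Review bot: `filter_uri_parameter_array` hands `key` to `filters_match?` exactly as it is written in the URL, so a parameter name spelled with percent-escapes may not match a filter unless `filters_match?`, which is outside this hunk, decodes it first. Matching on the decoded name while still emitting the original text closes that gap, e.g. `if filters_match?(URI.decode_www_form_component(key.to_s))`; that call raises `ArgumentError` on a malformed escape, so the raw key should be used as the fallback there. Separately, `pair.split('=')` in `clean_generic_url` has no limit, so a value that itself contains `=` is cut at the second `=` when the URL is rebuilt; `pair.split('=', 2)` keeps it whole.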
@@ -552,5 +552,29 @@ def to_s
 let(:url) { "https://host.example/a b c d e f g" }
 it { should eq "https://host.example/a b c d e f g" }
 end
+
+ context "with a mailto URL" do
+ let(:filters) { [/token/] }
+ let(:url) { "mailto:hello@example.com?token=secret&subject=Hello" }
+ it { should eq "mailto:hello@example.com?token=FILTERED&subject=Hello" }
+ end
+
+ context "with a mailto URL without a to address" do
+ let(:filters) { [/token/] }
+ let(:url) { "mailto:?subject=Hello&token=password" }
+ it { should eq "mailto:?subject=Hello&token=FILTERED" }
+ end
+
+ context "with a websocket URL" do
+ let(:filters) { [/secret/] }
+ let(:url) { "ws://example.com?abc=xyz&secret=password" }
+ it { should eq "ws://example.com?abc=xyz&secret=[FILTERED]" }
+ end
+
+ context "with a websocket over TLS URL" do
+ let(:filters) { [/secret/] }
+ let(:url) { "wss://example.com?abc=xyz&secret=password" }
+ it { should eq "wss://example.com?abc=xyz&secret=[FILTERED]" }
+ end
 end
 end
From 80b4a804ae97c59a5f145e8cf6164660653a97a8 Mon Sep 17 00:00:00 2001
From: Joe Haines
Date: Tue, 23 Jan 2024 12:59:46 +0000
Subject: [PATCH 2/4] Rescue unexpected errors
---
 lib/bugsnag/cleaner.rb | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/lib/bugsnag/cleaner.rb b/lib/bugsnag/cleaner.rb
index 238e04bd..33d0cd09 100644
--- a/lib/bugsnag/cleaner.rb
+++ b/lib/bugsnag/cleaner.rb
@@ -30,16 +30,18 @@ def clean_url(url)
 begin
 uri = URI(url)
+
+ if uri.is_a?(URI::MailTo)
+ clean_mailto_url(url, uri)
+ else
+ clean_generic_url(url, uri)
+ end
 rescue URI::InvalidURIError
 pre_query_string, _query_string = url.split('?', 2)
- return "#{pre_query_string}?#{FILTERED}"
- end
-
- if uri.is_a?(URI::MailTo)
- clean_mailto_url(url, uri)
- else
- clean_generic_url(url, uri)
+ "#{pre_query_string}?#{FILTERED}"
+ rescue StandardError
+ FILTERED
 end
 end
From 46e4d783483ea37d781d539196b889a714963fa3 Mon Sep 17 00:00:00 2001
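Review bot: Both mailto examples in the `spec/cleaner_spec.rb` hunk carry a header that matches the filter, so nothing pins the result for a mailto URL with no headers, which is the case `return original_url unless uri.headers` in `clean_mailto_url` is written for. If `uri.headers` is an empty array rather than nil for such a URL, that guard never fires and the URL is rebuilt through `uri.to_s` instead, so an example such as `let(:url) { "mailto:hello@example.com" }` with `it { should eq "mailto:hello@example.com" }` would show whether the round trip is lossless. An example whose only header does not match the filter would be useful for the same reason. The enclosing `describe` block starts above the hunk.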
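Review bot: The new `rescue StandardError` branch in the `[PATCH 2/4]` hunk returns the bare `FILTERED` constant with no comment saying why, and since that commit touches only `lib/bugsnag/cleaner.rb` no spec reaches it. Failing closed is the right default for a redaction helper, and a line such as `# fail closed: never return an unfiltered URL when cleaning raises unexpectedly` above `FILTERED` would keep a later edit from swapping it for `url`. A spec that forces an unexpected error inside the `begin` block and expects `[FILTERED]` would pin the same contract. The start of `clean_url` is above the hunk.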
From: Joe Haines
Date: Wed, 24 Jan 2024 09:41:57 +0000
Subject: [PATCH 3/4] Bump version
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index dde9f42f..7eeb87d9 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-6.26.2
+6.26.3
From 6480ca23f31705db97086dde80d21f43f2f08f74 Mon Sep 17 00:00:00 2001
From: Joe Haines
Date: Wed, 24 Jan 2024 09:42:02 +0000
Subject: [PATCH 4/4] Update changelog
---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37fd688d..68d4473f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,11 @@
 Changelog
 =========
+## v6.26.3 (24 January 2024)
+
+* Handle mailto links in `Cleaner#clean_url`
+ | [#813](https://github.com/bugsnag/bugsnag-ruby/pull/813)
+
 ## v6.26.2 (17 January 2024)
 ### Fixes