fix(email): now email address obfuscation always returns the same output

* feat(helpers): determined results for email address obfuscation email address is used as the seed, so it should always provide the same result for a given mail. utilizes a random number generator shown here: https://stackoverflow.com/questions/521295/seeding-the-random-number-generator-in-javascript/47593316#47593316 * feat(helpers): added Math.imul() support for older browsers Co-authored-by: Estevão Soares dos Santos <estevao.santos@gmail.com>
2024-03-22 13:30:55 +08:00 · 2022-03-26 01:31:41 +01:00 · 2022-03-26 01:31:41 +01:00 · 949c2bcf86
commit 949c2bcf86
parent 0d3ca4da5a
3 changed files with 69 additions and 4 deletions
--- a/dist/showdown.js
+++ b/dist/showdown.js
--- a/src/helpers.js
+++ b/src/helpers.js
@ -320,11 +320,48 @@ showdown.helper.splitAtIndex = function (str, index) {
  return [str.substring(0, index), str.substring(index)];
 };

+
+/**
+ * MurmurHash3's mixing function
+ * https://stackoverflow.com/questions/521295/seeding-the-random-number-generator-in-javascript/47593316#47593316
+ *
+ * @param {string} string
+ * @returns {Number}
+ */
+/*jshint bitwise: false*/
+function xmur3 (str) {
+  for (var i = 0, h = 1779033703 ^ str.length; i < str.length; i++) {
+    h = Math.imul(h ^ str.charCodeAt(i), 3432918353);
+    h = h << 13 | h >>> 19;
+  }
+  return function () {
+    h = Math.imul(h ^ h >>> 16, 2246822507);
+    h = Math.imul(h ^ h >>> 13, 3266489909);
+    return (h ^= h >>> 16) >>> 0;
+  };
+}
+
+/**
+ * Random Number Generator
+ * https://stackoverflow.com/questions/521295/seeding-the-random-number-generator-in-javascript/47593316#47593316
+ *
+ * @param {Number} seed
+ * @returns {Number}
+ */
+/*jshint bitwise: false*/
+function mulberry32 (a) {
+  return function () {
+    var t = a += 0x6D2B79F5;
+    t = Math.imul(t ^ t >>> 15, t | 1);
+    t ^= t + Math.imul(t ^ t >>> 7, t | 61);
+    return ((t ^ t >>> 14) >>> 0) / 4294967296;
+  };
+}
+
 /**
 * Obfuscate an e-mail address through the use of Character Entities,
 * transforming ASCII characters into their equivalent decimal or hex entities.
 *
- * Since it has a random component, subsequent calls to this function produce different results
 *
 * @param {string} mail
 * @returns {string}
@ -343,12 +380,15 @@ showdown.helper.encodeEmailAddress = function (mail) {
    }
  ];

+  // RNG seeded with mail, so that we can get determined results for each email.
+  var rand = mulberry32(xmur3(mail));
+
  mail = mail.replace(/./g, function (ch) {
    if (ch === '@') {
      // this *must* be encoded. I insist.
-      ch = encode[Math.floor(Math.random() * 2)](ch);
+      ch = encode[Math.floor(rand() * 2)](ch);
    } else {
-      var r = Math.random();
+      var r = rand();
      // roughly 10% raw, 45% hex, 45% dec
      ch = (
        r > 0.9 ? encode[2](ch) : r > 0.45 ? encode[1](ch) : encode[0](ch)
@ -569,6 +609,26 @@ if (typeof (console) === 'undefined') {
  };
 }

+// Math.imul() polyfill
+// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/imul
+if (!Math.imul) {
+  Math.imul = function (opA, opB) {
+    opB |= 0; // ensure that opB is an integer. opA will automatically be coerced.
+    // floating points give us 53 bits of precision to work with plus 1 sign bit
+    // automatically handled for our convienence:
+    // 1. 0x003fffff /*opA & 0x000fffff*/ * 0x7fffffff /*opB*/ = 0x1fffff7fc00001
+    //    0x1fffff7fc00001 < Number.MAX_SAFE_INTEGER /*0x1fffffffffffff*/
+    var result = (opA & 0x003fffff) * opB;
+    // 2. We can remove an integer coersion from the statement above because:
+    //    0x1fffff7fc00001 + 0xffc00000 = 0x1fffffff800001
+    //    0x1fffffff800001 < Number.MAX_SAFE_INTEGER /*0x1fffffffffffff*/
+    if (opA & 0xffc00000 /*!== 0*/) {
+      result += (opA & 0xffc00000) * opB | 0;
+    }
+    return result | 0;
+  };
+}
+
 /**
 * Common regexes.
 * We declare some common regexes to improve performance
--- a/test/unit/showdown.helpers.js
+++ b/test/unit/showdown.helpers.js
@ -14,12 +14,17 @@ describe('encodeEmailAddress()', function () {
  'use strict';
  var encoder = showdown.helper.encodeEmailAddress,
      email = 'foobar@example.com',
-      encodedEmail = encoder(email);
+      encodedEmail = encoder(email),
+      encodedEmail2 = encoder(email);

  it('should encode email', function () {
    encodedEmail.should.not.equal(email);
  });

+  it('should encode email determinated', function () {
+    encodedEmail.should.equal(encodedEmail2);
+  });
+
  it('should decode to original email', function () {
    var decodedEmail = encodedEmail.replace(/&#(.+?);/g, function (wm, cc) {
      if (cc.charAt(0) === 'x') {