From d1f3eebbabb4591f8f8ee2ffc13651c71d43f301 Mon Sep 17 00:00:00 2001
From: Thibaud Colas
Date: Thu, 18 Jan 2018 18:15:12 +0200
Subject: [PATCH] Filter out mailto: links pasted in Draftail

---
 wagtail/admin/wagtail_hooks.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/wagtail/admin/wagtail_hooks.py b/wagtail/admin/wagtail_hooks.py
index 9dc9c7e47..d5271c60c 100644
--- a/wagtail/admin/wagtail_hooks.py
+++ b/wagtail/admin/wagtail_hooks.py
@@ -436,9 +436,14 @@ def register_core_features(features):
             # We want to enforce constraints on which links can be pasted into rich text.
             # Keep only the attributes Wagtail needs.
             'attributes': ['url', 'id', 'parentId'],
-            # Keep only links which are not anchors, or absolute links from outside of Wagtail.
+            # Keep only links which:
+            # - have an undefined href (only set when pasting), or
+            # - Do not start with # (anchor)
+            # - Do not start with / (internal)
+            # - Do not start with mailto: (email)
+            # For mailto, Wagtail does support those but they could come with query parameters that Wagtail does not support.
             'whitelist': {
-                'href': '^(?![#/])',
+                'href': '^(?!(#|/|mailto:))',
             }
         })
     )
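Review bot: The new `'href': '^(?!(#|/|mailto:))'` is a case-sensitive deny-list of three prefixes, so an href such as `Mailto:...` still passes the filter, and every scheme other than the three listed is accepted even though the key is named `whitelist` and the removed comment described the intent as keeping "absolute links from outside of Wagtail". The pattern is presumably evaluated client-side by the editor (not visible in this hunk), so inline flags like `(?i)` cannot be assumed to work there; a positive match on the schemes actually wanted, e.g. `'href': '^https?://'`, would state the intent directly and avoid having to enumerate exclusions, if that matches how pasted links are expected to look. The new comment block also mixes bullet styles (`- have ...` vs `- Do not ...`) and the first bullet, "have an undefined href (only set when pasting)", reads as if the regex handled that case; `# - have no href at all (the filter only runs on pasted content), or` would make it clear this is a property of the filter rather than the pattern. The enclosing `register_core_features` starts before this hunk.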