From b1b5f9a476ecd16d82c4c9cde59b86d2efc582a2 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Sat, 12 Jul 2025 15:53:33 +0900
Subject: [PATCH 1/2] More tests for `check_to`

---
 test/uri/test_mailto.rb | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/test/uri/test_mailto.rb b/test/uri/test_mailto.rb
index e7c04ef..31adae2 100644
--- a/test/uri/test_mailto.rb
+++ b/test/uri/test_mailto.rb
@@ -165,6 +165,45 @@ def test_check_to
     assert_raise(URI::InvalidComponentError) do
       u.to = 'n.@invalid.email'
     end
+
+    # Invalid host emails
+    assert_raise(URI::InvalidComponentError) do
+      u.to = 'a@.invalid.email'
+    end
+
+    assert_raise(URI::InvalidComponentError) do
+      u.to = 'a@invalid.email.'
+    end
+
+    assert_raise(URI::InvalidComponentError) do
+      u.to = 'a@invalid..email'
+    end
+
+    assert_raise(URI::InvalidComponentError) do
+      u.to = 'a@-invalid.email'
+    end
+
+    assert_raise(URI::InvalidComponentError) do
+      u.to = 'a@invalid-.email'
+    end
+
+    assert_raise(URI::InvalidComponentError) do
+      u.to = 'a@invalid.-email'
+    end
+
+    assert_raise(URI::InvalidComponentError) do
+      u.to = 'a@invalid.email-'
+    end
+
+    u.to = 'a@'+'invalid'.ljust(63, 'd')+'.email'
+    assert_raise(URI::InvalidComponentError) do
+      u.to = 'a@'+'invalid'.ljust(64, 'd')+'.email'
+    end
+
+    u.to = 'a@invalid.'+'email'.rjust(63, 'e')
+    assert_raise(URI::InvalidComponentError) do
+      u.to = 'a@invalid.'+'email'.rjust(64, 'e')
+    end
   end
 
   def test_to_s

From 32335923bf4dd20d11480b8d45cdd97800e964cb Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Sat, 12 Jul 2025 15:54:38 +0900
Subject: [PATCH 2/2] Prohibit successive dots in email

---
 lib/uri/mailto.rb       | 2 +-
 test/uri/test_mailto.rb | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/uri/mailto.rb b/lib/uri/mailto.rb
index a15d2f0..bd63aa0 100644
--- a/lib/uri/mailto.rb
+++ b/lib/uri/mailto.rb
@@ -52,7 +52,7 @@ class MailTo < Generic
     HEADER_REGEXP  = /\A(?<hfield>(?:%\h\h|[!$'-.0-;@-Z_a-z~])*=(?:%\h\h|[!$'-.0-;@-Z_a-z~])*)(?:&\g<hfield>)*\z/
     # practical regexp for email address
     # https://html.spec.whatwg.org/multipage/input.html#valid-e-mail-address
-    EMAIL_REGEXP = /\A(?!\.)[a-zA-Z0-9.!\#$%&'*+\/=?^_`{|}~-]+(?<!\.)@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\z/
+    EMAIL_REGEXP = /\A(?!\.)(?!.*\.{2})[a-zA-Z0-9.!\#$%&'*+\/=?^_`{|}~-]+(?<!\.)@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\z/
     # :startdoc:
 
     #
diff --git a/test/uri/test_mailto.rb b/test/uri/test_mailto.rb
index 31adae2..36e28df 100644
--- a/test/uri/test_mailto.rb
+++ b/test/uri/test_mailto.rb
@@ -166,6 +166,10 @@ def test_check_to
       u.to = 'n.@invalid.email'
     end
 
+    assert_raise(URI::InvalidComponentError) do
+      u.to = 'n..t@invalid.email'
+    end
+
     # Invalid host emails
     assert_raise(URI::InvalidComponentError) do
       u.to = 'a@.invalid.email'