From c226d8e85ecd32c47811b3728f5f7195b21763f2 Mon Sep 17 00:00:00 2001 From: Andy Allan Date: Wed, 1 Feb 2023 18:57:16 +0000 Subject: [PATCH] Avoid converting conditional restriction tags into emails Fixes #3884 --- app/helpers/browse_tags_helper.rb | 5 ++++- test/helpers/browse_tags_helper_test.rb | 8 +++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/app/helpers/browse_tags_helper.rb b/app/helpers/browse_tags_helper.rb index 18598e88d..f95003aae 100644 --- a/app/helpers/browse_tags_helper.rb +++ b/app/helpers/browse_tags_helper.rb @@ -125,7 +125,10 @@ module BrowseTagsHelper nil end - def email_link(_key, value) + def email_link(key, value) + # Avoid converting conditional tags into emails, since EMAIL_REGEXP is quite permissive + return nil unless %w[email contact:email].include? key + # Does the value look like an email? eg "someone@domain.tld" # Uses Ruby built-in regexp to validate email. diff --git a/test/helpers/browse_tags_helper_test.rb b/test/helpers/browse_tags_helper_test.rb index a0e2e8fab..f9f977c49 100644 --- a/test/helpers/browse_tags_helper_test.rb +++ b/test/helpers/browse_tags_helper_test.rb @@ -50,7 +50,7 @@ class BrowseTagsHelperTest < ActionView::TestCase html = format_value("colour", "#f00") assert_dom_equal %(#f00), html - html = format_value("contact", "foo@example.com") + html = format_value("email", "foo@example.com") assert_dom_equal "foo@example.com", html html = format_value("source", "https://example.com") @@ -269,6 +269,12 @@ class BrowseTagsHelperTest < ActionView::TestCase # Strips whitespace at ends email = email_link("email", " test@email.com ") assert_equal "test@email.com", email + + email = email_link("contact:email", "example@example.com") + assert_equal "example@example.com", email + + email = email_link("maxweight:conditional", "none@agricultural") + assert_nil email end def test_telephone_links -- 2.43.2