feat: quote audit log values to avoid auto linking

Some e-mail services such as Gmail automatically convert things that look like a link into links even in HTML mails. This could be problematic for audit log entries as want to display the information as is without turning that into links. Adding <span> seems to help in this according to https://stackoverflow.com/a/23404042/225718
WeblateOrg · Oct 15, 2024 · 1bde1b8 · 1bde1b8
1 parent 260e78b
commit 1bde1b8
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 3 deletions.
diff --git a/weblate/accounts/models.py b/weblate/accounts/models.py
@@ -46,6 +46,7 @@
 from weblate.utils import messages
 from weblate.utils.decorators import disable_for_loaddata
 from weblate.utils.fields import EmailField
+from weblate.utils.html import mail_quote_value
 from weblate.utils.render import validate_editor
 from weblate.utils.request import get_ip_address, get_user_agent
 from weblate.utils.token import get_token
@@ -352,9 +353,9 @@ def get_params(self):
         }
         for name, value in self.params.items():
             if name in {"old", "new", "name", "email", "username"}:
-                value = format_html("<code>{}</code>", value)
+                value = format_html("<code>{}</code>", mail_quote_value(value))
             elif name in {"device", "project", "site_title", "method"}:
-                value = format_html("<strong>{}</strong>", value)
+                value = format_html("<strong>{}</strong>", mail_quote_value(value))
 
             result[name] = value
 

diff --git a/weblate/utils/html.py b/weblate/utils/html.py
@@ -9,10 +9,12 @@
 from typing import TYPE_CHECKING
 
 import nh3
+from django.utils.html import format_html, format_html_join
 from html2text import HTML2Text as _HTML2Text
 from lxml.etree import HTMLParser
 
 if TYPE_CHECKING:
+    from django.utils.safestring import SafeString
     from lxml.etree import ParserTarget
 
     from weblate.checks.flags import Flags
@@ -164,3 +166,25 @@ def handle_tag(self, tag: str, attrs: dict[str, str | None], start: bool) -> Non
             self.o(WEBLATE_TAGS[tag][not start])
             return
         super().handle_tag(tag, attrs, start)
+
+
+def mail_quote_char(text: str) -> str | SafeString:
+    if text in {":", "."}:
+        return format_html("<span>{}</span>", text)
+    return text
+
+
+def mail_quote_value(text: str) -> str | SafeString:
+    """
+    Quote value to be used in e-mail notifications.
+
+    This tries to avoid automatic conversion to links by Gmail
+    and similar services.
+
+    Solution based on https://stackoverflow.com/a/23404042/225718
+    """
+    return format_html_join(
+        "",
+        "{}",
+        ((mail_quote_char(part),) for part in re.split("([.:])", text)),
+    )
diff --git a/weblate/utils/tests/test_html.py b/weblate/utils/tests/test_html.py
@@ -7,7 +7,12 @@
 from django.test import SimpleTestCase
 
 from weblate.checks.flags import Flags
-from weblate.utils.html import HTML2Text, HTMLSanitizer, extract_html_tags
+from weblate.utils.html import (
+    HTML2Text,
+    HTMLSanitizer,
+    extract_html_tags,
+    mail_quote_value,
+)
 
 
 class HTMLSanitizerTestCase(SimpleTestCase):
@@ -104,3 +109,23 @@ def test_html2text_diff(self) -> None:
             html2text.handle("text<ins> </ins>"),
             "text{+ +}\n\n",
         )
+
+
+class MailQuoteTestCase(SimpleTestCase):
+    def test_plain(self):
+        self.assertEqual(
+            mail_quote_value("text"),
+            "text",
+        )
+
+    def test_dot(self):
+        self.assertEqual(
+            mail_quote_value("example.com"),
+            "example<span>.</span>com",
+        )
+
+    def test_url(self):
+        self.assertEqual(
+            mail_quote_value("https://test.example.com"),
+            "https<span>:</span>//test<span>.</span>example<span>.</span>com",
+        )