fix: improve mailto BCC encoding

Use URI.encode_www_form() instead of URI.encode() for mailto query parameters. This is the safer choice for query parameter encoding. Add comment about mailto URL length limits that vary by email client.
2025-12-16 14:51:42 +01:00 · 2025-12-16 14:51:42 +01:00 · be6ea56860
commit be6ea56860
parent fb91f748c2
2 changed files with 5 additions and 1 deletions
--- a/lib/mv_web/live/member_live/index.ex
+++ b/lib/mv_web/live/member_live/index.ex
@ -1126,6 +1126,9 @@ defmodule MvWeb.MemberLive.Index do

  # Updates selection-related assigns (selected_count, any_selected?, mailto_bcc)
  # to avoid recalculating Enum.any? and Enum.count multiple times in templates.
+  #
+  # Note: Mailto URLs have length limits that vary by email client.
+  # For large selections, consider using export functionality instead.
  defp update_selection_assigns(socket) do
    members = socket.assigns.members
    selected_members = socket.assigns.selected_members
@ -1140,6 +1143,7 @@ defmodule MvWeb.MemberLive.Index do
      if any_selected? do
        format_selected_member_emails(members, selected_members)
        |> Enum.join(", ")
+        |> URI.encode_www_form()
      else
        ""
      end
--- a/lib/mv_web/live/member_live/index.html.heex
+++ b/lib/mv_web/live/member_live/index.html.heex
@ -16,7 +16,7 @@
      <.button
        class="secondary"
        id="open-email-btn"
-        href={"mailto:?bcc=" <> URI.encode(@mailto_bcc)}
+        href={"mailto:?bcc=" <> @mailto_bcc}
        disabled={not @any_selected?}
        aria-label={gettext("Open email program with BCC recipients")}
      >