feat(join): render join_description with auto-linked URLs and Markdown links

2026-06-03 12:06:48 +02:00 · 2026-06-03 12:06:48 +02:00 · cb5cb68483
commit cb5cb68483
parent b6c2cf58b1
2 changed files with 155 additions and 0 deletions
--- a/lib/mv_web/helpers/join_description_renderer.ex
+++ b/lib/mv_web/helpers/join_description_renderer.ex
@ -0,0 +1,70 @@
+defmodule MvWeb.Helpers.JoinDescriptionRenderer do
+  @moduledoc """
+  Renders a custom field's `join_description` into Phoenix-safe HTML for the
+  public join form.
+
+  The renderer auto-links two patterns into `<a href="...">` tags:
+
+  - Markdown links of the form `[text](url)` (processed first)
+  - bare `http(s)://` URLs in the remaining text
+
+  All other content is HTML-escaped: only `<a href="...">` tags are ever
+  emitted, so arbitrary HTML in the input is rendered as inert text. This is a
+  defense-in-depth measure — `join_description` is admin-set content, never
+  end-user input — but the renderer must not become a vector for injecting
+  arbitrary markup.
+
+  Markdown links are matched before bare URLs and their matched region is
+  consumed, so a Markdown link whose URL also looks like a bare URL is linked
+  exactly once (no nested anchors).
+  """
+
+  @markdown_link ~r/\[([^\]]+)\]\((https?:\/\/[^\s)]+)\)/
+  @bare_url ~r/(https?:\/\/[^\s<]+)/
+  @bare_url_anchored ~r/\A(https?:\/\/[^\s<]+)\z/
+
+  @doc """
+  Converts `value` to a Phoenix-safe HTML iolist.
+
+  Returns `{:safe, ""}` for `nil`. For a string, returns `{:safe, iolist}` with
+  links rendered and all other text HTML-escaped.
+  """
+  @spec render(String.t() | nil) :: Phoenix.HTML.safe()
+  def render(nil), do: {:safe, ""}
+
+  def render(value) when is_binary(value) do
+    {:safe, render_segments(value)}
+  end
+
+  # Split on Markdown links first; for each non-Markdown segment, link bare URLs;
+  # everything that is not a link is HTML-escaped.
+  defp render_segments(text) do
+    Regex.split(@markdown_link, text, include_captures: true)
+    |> Enum.map(&render_markdown_or_plain/1)
+  end
+
+  defp render_markdown_or_plain(segment) do
+    case Regex.run(@markdown_link, segment) do
+      [^segment, label, url] -> anchor(url, label)
+      _ -> render_plain(segment)
+    end
+  end
+
+  # Auto-link bare URLs in a plain-text segment, escaping all surrounding text.
+  defp render_plain(segment) do
+    Regex.split(@bare_url, segment, include_captures: true)
+    |> Enum.map(fn part ->
+      if Regex.match?(@bare_url_anchored, part) do
+        anchor(part, part)
+      else
+        escape(part)
+      end
+    end)
+  end
+
+  defp anchor(url, label) do
+    ["<a href=\"", escape(url), "\">", escape(label), "</a>"]
+  end
+
+  defp escape(text), do: Phoenix.HTML.html_escape(text) |> Phoenix.HTML.safe_to_string()
+end
--- a/test/mv_web/helpers/join_description_renderer_test.exs
+++ b/test/mv_web/helpers/join_description_renderer_test.exs
@ -0,0 +1,85 @@
+defmodule MvWeb.Helpers.JoinDescriptionRendererTest do
+  @moduledoc """
+  Tests for the join-description renderer that auto-links raw URLs and Markdown
+  links while escaping all other content.
+  """
+  use ExUnit.Case, async: true
+  use ExUnitProperties
+
+  alias MvWeb.Helpers.JoinDescriptionRenderer
+
+  defp html(value) do
+    value
+    |> JoinDescriptionRenderer.render()
+    |> Phoenix.HTML.safe_to_string()
+  end
+
+  describe "render/1" do
+    test "converts a raw URL to an anchor tag" do
+      result = html("Akzeptiere https://example.com/dsgvo")
+
+      assert result =~ ~s(<a href="https://example.com/dsgvo")
+      assert result =~ "https://example.com/dsgvo</a>"
+      assert result =~ "Akzeptiere "
+    end
+
+    test "converts Markdown [text](url) to an anchor tag with the link text" do
+      result = html("[Datenschutzerklärung](https://example.com/dsgvo)")
+
+      assert result =~ ~s(<a href="https://example.com/dsgvo")
+      assert result =~ ">Datenschutzerklärung</a>"
+    end
+
+    test "returns an empty safe string for nil input" do
+      assert JoinDescriptionRenderer.render(nil) == {:safe, ""}
+    end
+
+    test "escapes arbitrary HTML in non-link text" do
+      result = html("<script>alert(1)</script>")
+
+      refute result =~ "<script>"
+      assert result =~ "&lt;script&gt;"
+    end
+
+    test "does not double-link a Markdown link whose URL also looks like a raw URL" do
+      result = html("[Datenschutz](https://example.com/x)")
+
+      # exactly one anchor, no nested anchor for the inner raw URL
+      assert result |> :binary.matches("<a ") |> length() == 1
+    end
+  end
+
+  describe "property: link-free text" do
+    property "preserves non-link text content as HTML-escaped output" do
+      check all(text <- link_free_string()) do
+        result = html(text)
+
+        # No links emitted, and text content equals the HTML-escaped input.
+        refute result =~ "<a "
+        assert result == Phoenix.HTML.html_escape(text) |> Phoenix.HTML.safe_to_string()
+      end
+    end
+  end
+
+  describe "property: well-formed Markdown links" do
+    property "renders every [text](https://...) as a single anchor with verbatim text and url" do
+      check all(
+              label <- string(:alphanumeric, min_length: 1),
+              path <- string(:alphanumeric)
+            ) do
+        url = "https://example.com/#{path}"
+        result = html("[#{label}](#{url})")
+
+        assert result =~ ~s(<a href="#{url}">#{label}</a>)
+        assert result |> :binary.matches("<a ") |> length() == 1
+      end
+    end
+  end
+
+  # Printable strings that contain no bare URLs and no Markdown-link opening bracket.
+  defp link_free_string do
+    :printable
+    |> string()
+    |> filter(fn s -> not String.contains?(s, "http") and not String.contains?(s, "[") end)
+  end
+end