remove email addresses from first line of quote email replies

oreoshake · oreoshake · commit 8a8e7b35b146 · 2016-03-29T13:59:30.000-10:00
diff --git a/Gemfile b/Gemfile
@@ -6,6 +6,7 @@ gemspec
 group :development do
   gem "bundler"
   gem "rake"
+  gem "pry"
 end
 
 group :test do
diff --git a/lib/html/pipeline/email_reply_filter.rb b/lib/html/pipeline/email_reply_filter.rb
@@ -27,6 +27,8 @@ class EmailReplyFilter < TextFilter
       EMAIL_SIGNATURE_HEADER = %(<div class="email-signature-reply">).freeze
       EMAIL_FRAGMENT_HEADER  = %(<div class="email-fragment">).freeze
       EMAIL_HEADER_END       = "</div>".freeze
+      EMAIL_REGEX            = /[^@\s.][^@\s]*@\[?[a-z0-9.-]+\]?/
+      HIDDEN_EMAIL_PATTERN   = "***@***.***"
 
       # Scans an email body to determine which bits are quoted and which should
       # be hidden. EmailReplyParser is used to split the comment into an Array
@@ -45,6 +47,11 @@ def call
         paragraphs = EmailReplyParser.read(text.dup).fragments.map do |fragment|
           pieces = [escape_html(fragment.to_s.strip).gsub(/^\s*(>|&gt;)/, '')]
           if fragment.quoted?
+            pieces.map! do |piece|
+              lines = piece.lines
+              lines.first.gsub!(EMAIL_REGEX, HIDDEN_EMAIL_PATTERN)
+              lines
+            end
             pieces.unshift EMAIL_QUOTED_HEADER
             pieces << EMAIL_HEADER_END
           elsif fragment.signature?
diff --git a/test/html/pipeline/email_reply_filter_test.rb b/test/html/pipeline/email_reply_filter_test.rb
@@ -0,0 +1,23 @@
+require "test_helper"
+
+EmailReplyFilter = HTML::Pipeline::EmailReplyFilter
+
+class HTML::Pipeline::EmailReplyFilterTest < Minitest::Test
+  def test_hides_email_addresses
+    filter = EmailReplyFilter.new(<<-EMAIL, :highlight => "coffeescript")
+Hey, don't send email addresses in comments. They aren't filtered.
+
+> On Mar 5, 2016, at 08:05, Hacker J. Hackerson <example@example.com> wrote:
+>
+> Sup. alreadyleaked@example.com
+>
+> —
+> Reply to this email directly or view it on GitHub.
+>
+EMAIL
+
+    doc = filter.call
+    refute_match %r(example@example.com), doc.to_s
+    assert_match %r(alreadyleaked@example.com), doc.to_s
+  end
+end
