chore: sync public repository

app/services/legal_content.py

@@ -1,5 +1,8 @@
 from __future__ import annotations
 
+import html
+import re
+
 import markdown as markdown_lib
 import bleach
 
@@ -194,13 +197,36 @@ _ALLOWED_ATTRIBUTES = {
     'a': ['href', 'title', 'rel', 'target'],
 }
 _ALLOWED_PROTOCOLS = ['http', 'https', 'mailto']
+_EMAIL_RE = re.compile(r'(?P<email>[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,})', re.IGNORECASE)
+_MAILTO_LINK_RE = re.compile(
+    r'<a\b[^>]*href="mailto:(?P<href>[^"]+)"[^>]*>(?P<label>.*?)</a>',
+    re.IGNORECASE | re.DOTALL,
+)
 
 
 def default_site_content_markdown(key: str) -> str:
     return DEFAULT_SITE_CONTENT_MARKDOWN.get(key, '')
 
 
-def render_safe_markdown(markdown_text: str) -> str:
+def obfuscate_email_address(email: str) -> str:
+    local_part, _, domain = (email or '').partition('@')
+    if not local_part or not domain:
+        return email
+    return f"{local_part} [at] {domain.replace('.', ' [dot] ')}"
+
+
+def obfuscate_emails_in_html(html_text: str) -> str:
+    def replace_mailto_link(match: re.Match[str]) -> str:
+        href_email = html.unescape(match.group('href')).strip()
+        label = html.unescape(match.group('label')).strip()
+        email = href_email or label
+        return obfuscate_email_address(email)
+
+    html_text = _MAILTO_LINK_RE.sub(replace_mailto_link, html_text)
+    return _EMAIL_RE.sub(lambda match: obfuscate_email_address(match.group('email')), html_text)
+
+
+def render_safe_markdown(markdown_text: str, *, obfuscate_emails: bool = False) -> str:
     raw_html = markdown_lib.markdown(
         markdown_text or '',
         extensions=['extra', 'sane_lists'],
@@ -213,6 +239,8 @@ def render_safe_markdown(markdown_text: str) -> str:
         protocols=_ALLOWED_PROTOCOLS,
         strip=True,
     )
+    if obfuscate_emails:
+        return obfuscate_emails_in_html(cleaned)
     return bleach.linkify(cleaned)