[server] Mask email domain in public collection participants #8635
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f34fcaf7f8
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
server/pkg/utils/email/email.go
Outdated
| func maskForPublicUsername(s string) string { | ||
| if len(s) <= 2 { | ||
| return s | ||
| } | ||
| return s[:2] + strings.Repeat("*", len(s)-2) |
There was a problem hiding this comment.
The new masking uses byte indices (s[:2]) on the username (and similarly domain[0]/domain[len-1]), which will split multi‑byte UTF‑8 runes for non‑ASCII local parts or IDN domains (SMTPUTF8). That produces invalid UTF‑8 strings that encoding/json will replace with �, so public participant responses can contain replacement characters instead of a proper masked value. This is a regression from the old masking, which did not slice the string. Consider rune‑aware slicing (e.g., []rune) or utf8 helpers to keep valid characters while masking.
Useful? React with 👍 / 👎.
neeraj-pilot
force-pushed
the
masterEmail
branch
from
f34fcaf to
55d8411
Compare
2 participants
Summary
******@gmail.com)***+@+ first char of domain +***+ last char[email protected]→jo**@g*******mChanges
GetMaskedEmailForPublicfunction inpkg/utils/email/email.goParticipantsmethod inpkg/controller/public/comments.goto use the new masking