fix(job-alerts): replace direct mailto with secure in-app outreach#4350
fix(job-alerts): replace direct mailto with secure in-app outreach#4350Muskan2320 wants to merge 4 commits into
Conversation
…ith in-app outreach
|
@Muskan2320 is attempting to deploy a commit to the Anurag Mishra's projects Team on Vercel. A member of the Team first needs to authorize it. |
|
CodeAnt AI is reviewing your PR. |
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughAdds email and URL safety helpers with tests, then updates ChangesSafe mailto and outreach flow
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
CodeAnt AI finished reviewing your PR. |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@frontend/src/pages/JobAlerts.jsx`:
- Around line 360-362: The handleApplyOnSite flow in JobAlerts currently opens
any truthy job.applyLink, so add a URL parse/validation step before window.open
and only proceed for http: or https: schemes. Update the handleApplyOnSite
function to reject or ignore javascript:, data:, and any other non-web
protocols, keeping the existing open-in-new-tab behavior only for validated
links.
In `@frontend/src/utils/emailCheck.js`:
- Around line 10-14: The sanitizeRecruiterEmail helper is mutating valid
recruiter addresses by stripping bare ampersands and truncating long inputs,
which can change the mailbox used by JobAlerts.jsx. Update
sanitizeRecruiterEmail to only remove a true query/fragment suffix from the raw
email string, keep valid local-part characters intact, and return an empty
string for inputs exceeding MAX_EMAIL_LENGTH instead of slicing them. Verify the
behavior in the sanitizeRecruiterEmail function and its downstream use in
JobAlerts.jsx so the same address is used for gating and the final mailto
target.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: ca626422-5fb1-4f53-910b-aab6ba33209e
📒 Files selected for processing (3)
frontend/src/__tests__/email.test.jsfrontend/src/pages/JobAlerts.jsxfrontend/src/utils/emailCheck.js
|
CodeAnt AI is running Incremental review |
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
CodeAnt AI Incremental review completed. |
There was a problem hiding this comment.
♻️ Duplicate comments (1)
frontend/src/utils/emailCheck.js (1)
13-16: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winDon't split on
?or#inside the mailbox.Line 15 still strips everything after the first
?or#, so valid local-parts likedev?jobs@company.comget changed before validation and before the finalmailto:target is built. Strip only an appended query/fragment suffix, not these characters anywhere in the address.Suggested fix
export function sanitizeRecruiterEmail(raw) { if (typeof raw !== 'string') return ''; - return raw - .trim() - .split(/[?#]/)[0] - .trim(); + const trimmed = raw.trim(); + const atIndex = trimmed.lastIndexOf('@'); + if (atIndex === -1) return trimmed; + + const suffixStart = [trimmed.indexOf('?', atIndex), trimmed.indexOf('#', atIndex)] + .filter(index => index >= 0) + .sort((a, b) => a - b)[0]; + + return (suffixStart == null ? trimmed : trimmed.slice(0, suffixStart)).trim(); }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@frontend/src/utils/emailCheck.js` around lines 13 - 16, The email normalization in `emailCheck` is removing everything after the first `?` or `#`, which breaks valid mailbox local-parts like `dev?jobs@company.com`; update the trimming logic so it only removes an appended query or fragment suffix from an email-like input, not these characters when they appear inside the address. Keep the fix in the normalization flow used before validation and `mailto:` construction so the parsed address remains intact unless `?` or `#` clearly starts a trailing suffix.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Duplicate comments:
In `@frontend/src/utils/emailCheck.js`:
- Around line 13-16: The email normalization in `emailCheck` is removing
everything after the first `?` or `#`, which breaks valid mailbox local-parts
like `dev?jobs@company.com`; update the trimming logic so it only removes an
appended query or fragment suffix from an email-like input, not these characters
when they appear inside the address. Keep the fix in the normalization flow used
before validation and `mailto:` construction so the parsed address remains
intact unless `?` or `#` clearly starts a trailing suffix.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 8bc7bbfc-3fc3-46d5-8642-175659fd593f
📒 Files selected for processing (3)
frontend/src/__tests__/email.test.jsfrontend/src/pages/JobAlerts.jsxfrontend/src/utils/emailCheck.js
🚧 Files skipped from review as they are similar to previous changes (2)
- frontend/src/tests/email.test.js
- frontend/src/pages/JobAlerts.jsx
User description
Fixes #4254
Description
This PR improves the Job Alerts application flow by replacing the default direct
mailto:behavior with the existing in-app outreach flow while improving recruiter email security.Changes
mailto:Apply flow with the existing in-app outreach experience.Type of Change
Related Issue
Fixes #4254
Testing
npm run build).Checklist
Summary by CodeRabbit
CodeAnt-AI Description
Use in-app outreach for job applications and make email-based apply actions safer
What Changed
Impact
✅ Fewer unsafe mail app launches✅ Clearer apply flow for jobs with recruiter email✅ Fewer failed or unsafe application links💡 Usage Guide
Checking Your Pull Request
Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.
Talking to CodeAnt AI
Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:
This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.
Example
Preserve Org Learnings with CodeAnt
You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:
This helps CodeAnt AI learn and adapt to your team's coding style and standards.
Example
Retrigger review
Ask CodeAnt AI to review the PR again, by typing:
Check Your Repository Health
To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.