From aa10bc92af3a29f045af16356925b68ca6980747 Mon Sep 17 00:00:00 2001
From: John Lees-Miller
Date: Wed, 13 Aug 2025 14:39:22 +0100
Subject: [PATCH] Merge pull request #27890 from overleaf/jlm-spam-safe-email

Apply new spam check to email address

GitOrigin-RevId: 9e204ea75e930455971769a73843d015fc4a9033
---
 services/web/app/src/Features/Email/SpamSafe.js | 9 ++++++++-
 services/web/test/unit/src/Email/SpamSafeTests.js | 5 +++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/services/web/app/src/Features/Email/SpamSafe.js b/services/web/app/src/Features/Email/SpamSafe.js
index 0518d9cf1f..1c617977ee 100644
--- a/services/web/app/src/Features/Email/SpamSafe.js
+++ b/services/web/app/src/Features/Email/SpamSafe.js
@@ -34,7 +34,14 @@ const SpamSafe = {
 },
 
 isSafeEmail(email) {
- return EMAIL_REGEX.test(email) && email.length <= 40
+ if (!EMAIL_REGEX.test(email) || email.length > 40) {
+ return false
+ }
+
+ // All-digits, e.g. qq, is safe, but mixed digits and letters is not.
+ const localPart = email.split('@')[0]
+ const digitCount = countDigits(localPart)
+ return digitCount === localPart.length || digitCount <= 5
 },
 
 safeUserName(name, alternative, project) {
diff --git a/services/web/test/unit/src/Email/SpamSafeTests.js b/services/web/test/unit/src/Email/SpamSafeTests.js
index 82bbda7607..fa1770941c 100644
--- a/services/web/test/unit/src/Email/SpamSafeTests.js
+++ b/services/web/test/unit/src/Email/SpamSafeTests.js
@@ -42,6 +42,11 @@ describe('SpamSafe', function () {
 expect(
 SpamSafe.isSafeEmail('realistic-email+1@domain.sub-hyphen.com')
 ).to.equal(true)
+ expect(SpamSafe.isSafeEmail('jnd-9807408-1oos68@@example.com')).to.equal(
+ false
+ )
+ expect(SpamSafe.isSafeEmail('123456789@example.com')).to.equal(true)
+ expect(SpamSafe.isSafeEmail('abcdefghi@example.com')).to.equal(true)
 expect(SpamSafe.isSafeEmail('notquiteRight@evil$.com')).to.equal(false)
 
 expect(SpamSafe.safeUserName('Tammy Weinstįen', 'A User')).to.equal(
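Review bot: The comment above the digit check in `isSafeEmail` does not match the condition below it: it says mixed digits and letters are not safe, but `digitCount <= 5` accepts mixed local parts with up to five digits, and the `5` itself is unexplained. I would name the threshold and reword the comment, e.g. `const MAX_MIXED_DIGITS = 5` with `// All-digit local parts (e.g. qq) are allowed; otherwise at most MAX_MIXED_DIGITS digits.` `countDigits` is not defined in this hunk, so it is presumably an existing helper elsewhere in the file. The `SpamSafe` object literal starts and ends outside the hunk.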
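Review bot: The new rejection case `'jnd-9807408-1oos68@@example.com'` has a doubled `@`, so it is probably refused by `EMAIL_REGEX` (not visible here) before the digit-count branch runs, and the assertion would pass even without the change to SpamSafe.js. Use a single `@` so the test exercises the new check. Boundary cases around the limit are also missing; with constructed sample addresses, `expect(SpamSafe.isSafeEmail('ab12345@example.com')).to.equal(true)` and `expect(SpamSafe.isSafeEmail('ab123456@example.com')).to.equal(false)` would pin it. The enclosing `it` block starts and ends outside the hunk.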