fix(share): missing or protected notes leaking through reference links (closes #4801)

Author: eliandoran

apps/client/src/widgets/type_widgets/text/ReadOnlyText.tsx

@@ -13,7 +13,6 @@ import { getLocaleById } from "../../../services/i18n";
 import { getMermaidConfig } from "../../../services/mermaid";
 import { loadIncludedNote, refreshIncludedNote, setupImageOpening } from "./utils";
 import { renderMathInElement } from "../../../services/math";
-import link from "../../../services/link";
 import { formatCodeBlocks } from "../../../services/syntax_highlight";
 import TouchBar, { TouchBarButton, TouchBarSpacer } from "../../react/TouchBar";
 import appContext from "../../../components/app_context";

apps/server/src/share/content_renderer.ts

@@ -321,6 +321,10 @@ function renderText(result: Result, note: SNote | BNote) {
             if (href?.startsWith("#")) {
                 handleAttachmentLink(linkEl, href, getNote, getAttachment);
             }
+
+            if (linkEl.classList.contains("reference-link")) {
+                cleanUpReferenceLinks(linkEl);
+            }
         }
 
         // Apply syntax highlight.
@@ -383,6 +387,25 @@ function handleAttachmentLink(linkEl: HTMLElement, href: string, getNote: (id: s
     }
 }
 
+/**
+ * Processes reference links to ensure that they are up to date. More specifically, reference links contain in their HTML source code the note title at the time of the linking. It can be changed in the mean-time or the note can become protected, which leaks information.
+ *
+ * @param linkEl the <a> element to process.
+ */
+function cleanUpReferenceLinks(linkEl: HTMLElement) {
+    const noteId = linkEl.getAttribute("href")?.split("/").at(-1);
+    const note = noteId ? shaca.getNote(noteId) : undefined;
+    let text = "";
+    if (!note) {
+        text = "[missing note]";
+    } else if (note.isProtected) {
+        text = "[protected]";
+    } else {
+        text = note.title;
+    }
+    linkEl.innerHTML = text;
+}
+
 /**
  * Renders a code note.
  */