From 1ceedf237273b3a454c5361278fc66813eca691e Mon Sep 17 00:00:00 2001
From: Elian Doran <contact@eliandoran.me>
Date: Wed, 19 Nov 2025 08:59:52 +0200
Subject: [PATCH] fix(share): missing or protected notes leaking through
 reference links (closes #4801)

---
 .../type_widgets/text/ReadOnlyText.tsx        |  1 -
 apps/server/src/share/content_renderer.ts     | 23 +++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/apps/client/src/widgets/type_widgets/text/ReadOnlyText.tsx b/apps/client/src/widgets/type_widgets/text/ReadOnlyText.tsx
index 5450958184..caa0302b8c 100644
--- a/apps/client/src/widgets/type_widgets/text/ReadOnlyText.tsx
+++ b/apps/client/src/widgets/type_widgets/text/ReadOnlyText.tsx
@@ -13,7 +13,6 @@ import { getLocaleById } from "../../../services/i18n";
 import { getMermaidConfig } from "../../../services/mermaid";
 import { loadIncludedNote, refreshIncludedNote, setupImageOpening } from "./utils";
 import { renderMathInElement } from "../../../services/math";
-import link from "../../../services/link";
 import { formatCodeBlocks } from "../../../services/syntax_highlight";
 import TouchBar, { TouchBarButton, TouchBarSpacer } from "../../react/TouchBar";
 import appContext from "../../../components/app_context";
diff --git a/apps/server/src/share/content_renderer.ts b/apps/server/src/share/content_renderer.ts
index 3c928cbfe5..dc9fac8ce9 100644
--- a/apps/server/src/share/content_renderer.ts
+++ b/apps/server/src/share/content_renderer.ts
@@ -321,6 +321,10 @@ function renderText(result: Result, note: SNote | BNote) {
             if (href?.startsWith("#")) {
                 handleAttachmentLink(linkEl, href, getNote, getAttachment);
             }
+
+            if (linkEl.classList.contains("reference-link")) {
+                cleanUpReferenceLinks(linkEl);
+            }
         }
 
         // Apply syntax highlight.
@@ -383,6 +387,25 @@ function handleAttachmentLink(linkEl: HTMLElement, href: string, getNote: (id: s
     }
 }
 
+/**
+ * Processes reference links to ensure that they are up to date. More specifically, reference links contain in their HTML source code the note title at the time of the linking. It can be changed in the mean-time or the note can become protected, which leaks information.
+ *
+ * @param linkEl the <a> element to process.
+ */
+function cleanUpReferenceLinks(linkEl: HTMLElement) {
+    const noteId = linkEl.getAttribute("href")?.split("/").at(-1);
+    const note = noteId ? shaca.getNote(noteId) : undefined;
+    let text = "";
+    if (!note) {
+        text = "[missing note]";
+    } else if (note.isProtected) {
+        text = "[protected]";
+    } else {
+        text = note.title;
+    }
+    linkEl.innerHTML = text;
+}
+
 /**
  * Renders a code note.
  */