Refactored CTA card button rendering

[sanne-san]

Ref https://linear.app/ghost/issue/PROD-1688/implement-button-corners-setting

• The button markup and styling are now consistent across the email template
• Added emailCustomizationAlpha feature flag to enable new CTA card button rendering

[coderabbitai]

"""

Walkthrough

The emailCTATemplate function in packages/kg-default-nodes/lib/nodes/call-to-action/calltoaction-renderer.js was refactored to introduce a feature-flagged alternate rendering path. When the emailCustomizationAlpha feature flag is present, the function generates updated HTML structures for both minimal and non-minimal layouts, including changes to table nesting, image containers, and button wrappers. The outer table now conditionally includes a sponsor label row and applies additional CSS classes based on dataset properties. If the feature flag is not set, the function retains the previous rendering logic. No changes were made to exported or public entity declarations.

Possibly related PRs

• Added cropped image as minimal image in CTA Card #1453: Both PRs modify the emailCTATemplate function to introduce feature-flagged or layout-specific rendering changes for email CTAs, including handling of minimal layout and image rendering.
• Consolidated button rendering for product, header and button cards #1516: Both PRs update email rendering functions with feature-flagged alternate HTML structures featuring nested table layouts and button markup for email customization.
• Added initial HTML and Email rendering #1434: This PR extends the emailCTATemplate function with feature-flagged alternate rendering, building on the initial rendering logic introduced in the related PR.

Suggested reviewers

• kevinansfield
  """

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

packages/kg-default-nodes/lib/nodes/call-to-action/calltoaction-renderer.js

Oops! Something went wrong! :(

ESLint: 8.57.1

Error: Failed to load parser '@babel/eslint-parser' declared in 'packages/kg-default-nodes/.eslintrc.js': Cannot find module '@babel/eslint-parser'
Require stack:

• /packages/kg-default-nodes/.eslintrc.js
  at Module._resolveFilename (node:internal/modules/cjs/loader:1248:15)
  at Function.resolve (node:internal/modules/helpers:145:19)
  at Object.resolve (/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:2346:46)
  at ConfigArrayFactory._loadParser (/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:3325:39)
  at ConfigArrayFactory._normalizeObjectConfigDataBody (/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:3099:43)
  at _normalizeObjectConfigDataBody.next ()
  at ConfigArrayFactory._normalizeObjectConfigData (/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:3040:20)
  at _normalizeObjectConfigData.next ()
  at ConfigArrayFactory.loadInDirectory (/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:2886:28)
  at CascadingConfigArrayFactory._loadConfigInAncestors (/node_modules/@eslint/eslintrc/dist/eslintrc.cjs:3871:46)

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e3866ad and 1bdf186.

📒 Files selected for processing (2)

• packages/kg-default-nodes/lib/nodes/call-to-action/calltoaction-renderer.js (1 hunks)
• packages/kg-default-nodes/test/nodes/call-to-action.test.js (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/kg-default-nodes/lib/nodes/call-to-action/calltoaction-renderer.js

🧰 Additional context used

🧬 Code Graph Analysis (1)

packages/kg-default-nodes/test/nodes/call-to-action.test.js (1)

packages/kg-default-nodes/test/generate-decorator-node.test.js (1)

• editorTest (12-21)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Node 22.13.1
• GitHub Check: Node 20.11.1

🔇 Additional comments (1)

packages/kg-default-nodes/test/nodes/call-to-action.test.js (1)

482-494: Well-structured test for the new feature flag!

This test case appropriately verifies that the new emailCustomizationAlpha feature flag enables the alternate rendering path for CTA card buttons. The assertion correctly checks for the existence of a table.btn element, which confirms the new HTML structure is being generated.

As the feature matures, you might want to add more specific assertions to validate the button's styling, attributes, and overall structure, but this is a good starting point for a feature-flagged change.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

packages/kg-default-nodes/lib/nodes/call-to-action/calltoaction-renderer.js (2)

112-121: Redundant style/class duplication on both <td> and inner <a>

The kg-style-accent class and inline buttonStyle are applied to both the <td> and its descendant <a>.
Apart from inflating the markup size, some email clients will only honour the first occurrence, leading to inconsistent colours.

A leaner variant keeps the styling on the <a> alone:

-    <td class="${dataset.buttonColor === 'accent' ? 'kg-style-accent' : ''}" style="${buttonStyle}">
-        <a href="${dataset.buttonUrl}"
-           class="${dataset.buttonColor === 'accent' ? 'kg-style-accent' : ''}"
-           style="${buttonStyle}">
+    <td>
+        <a href="${dataset.buttonUrl}"
+           class="${dataset.buttonColor === 'accent' ? 'kg-style-accent' : ''}"
+           style="${buttonStyle}">

---

96-99: Hard-coded alt text reduces accessibility

The alt attribute is always "CTA Image". Screen-reader users receive no meaningful description, and repeated identical alt text is announced for every CTA.

Consider accepting dataset.imageAlt (falling back to an empty string if not supplied) and apply it consistently:

- ${wrapWithLink(dataset, `<img src="${dataset.imageUrl}" alt="CTA Image" …>`)}
+ const alt = (dataset.imageAlt ?? '').replace(/"/g, '&quot;');
+ ${wrapWithLink(dataset, `<img src="${dataset.imageUrl}" alt="${alt}" …>`)}

Also applies to: 140-152, 253-265

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 824f27e and e3866ad.

📒 Files selected for processing (1)

• packages/kg-default-nodes/lib/nodes/call-to-action/calltoaction-renderer.js (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Node 20.11.1
• GitHub Check: Node 22.13.1

[coderabbitai]

🛠️ Refactor suggestion

Large duplicated template blocks – refactor for maintainability

The two renderContent lambdas (feature-flag branch vs fallback) are ~90 % identical. Future tweaks (e.g. button markup, class names) will have to be patched twice, increasing the chance of divergence.

Extract the shared pieces into helper functions or build the HTML using small, composable template builders. A quick win is to compute const isAlpha = options.feature?.emailCustomizationAlpha; and parametrize only the differences (e.g. wrapper class names).

[ Code-level idea, not prescriptive ]

function buttonTd(innerClass) {
    return `<td class="${innerClass}" style="${buttonStyle}">`;
}

Reducing duplication will aid reviewability and cut e-mail payload size.

Also applies to: 200-313

🤖 Prompt for AI Agents

In packages/kg-default-nodes/lib/nodes/call-to-action/calltoaction-renderer.js
between lines 87 and 134, the renderContent function is duplicated with about
90% identical code in the feature-flag branch and fallback. To fix this, extract
the common HTML template parts into reusable helper functions that generate
smaller pieces like the button markup or image container. Compute a single
boolean for the feature flag (e.g., isAlpha) and use it to conditionally adjust
only the differing parts such as class names or wrapper elements. This refactor
will reduce duplication, improve maintainability, and simplify future updates.

---

⚠️ Potential issue

Validate buttonUrl to prevent javascript: or other dangerous schemes

dataset.buttonUrl is interpolated directly into multiple <a href=""> attributes without any sanitisation or protocol checks. A malicious URL (javascript:alert(1), data:text/html;base64,…, etc.) could slip into outgoing emails or the web front-end.

Guard the URL early in the renderer (or, even better, in the card model) and fall back to a safe no-op if the scheme isn’t http, https, or mailto.

+const ALLOWED_PROTOCOLS = /^(https?|mailto):/i;
+if (!ALLOWED_PROTOCOLS.test(dataset.buttonUrl)) {
+    dataset.buttonUrl = '#';
+}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (options.feature?.emailCustomizationAlpha) {
	const renderContent = () => {
	if (dataset.layout === 'minimal') {
	return `
	<tr>
	<td class="kg-cta-content">
	<table border="0" cellpadding="0" cellspacing="0" width="100%" class="kg-cta-content-wrapper">
	<tr>
	${dataset.imageUrl ? `
	<td class="kg-cta-image-container" width="64">
	${wrapWithLink(dataset, `<img src="${dataset.imageUrl}" alt="CTA Image" class="kg-cta-image" width="64" height="64">`)}
	</td>
	` : ''}
	<td class="kg-cta-content-inner">
	<table border="0" cellpadding="0" cellspacing="0" width="100%">
	${dataset.textValue ? `
	<tr>
	<td class="kg-cta-text">
	${dataset.textValue}
	</td>
	</tr>
	` : ''}
	${showButton(dataset) ? `
	<tr>
	<td class="kg-cta-button-container">
	<table border="0" cellpadding="0" cellspacing="0" class="btn">
	<tr>
	<td class="${dataset.buttonColor === 'accent' ? 'kg-style-accent' : ''}" style="${buttonStyle}">
	<a href="${dataset.buttonUrl}"
	class="${dataset.buttonColor === 'accent' ? 'kg-style-accent' : ''}"
	style="${buttonStyle}"
	>
	${dataset.buttonText}
	</a>
	</td>
	</tr>
	</table>
	</td>
	</tr>
	` : ''}
	</table>
	</td>
	</tr>
	</table>
	</td>
	</tr>
	`;
	}
	if (options.feature?.emailCustomizationAlpha) {
	const renderContent = () => {
	// only allow http(s) or mailto schemes for buttonUrl
	const ALLOWED_PROTOCOLS = /^(https?|mailto):/i;
	if (!ALLOWED_PROTOCOLS.test(dataset.buttonUrl)) {
	dataset.buttonUrl = '#';
	}
	if (dataset.layout === 'minimal') {
	return `
	<tr>
	<td class="kg-cta-content">
	<table border="0" cellpadding="0" cellspacing="0" width="100%" class="kg-cta-content-wrapper">
	<tr>
	${dataset.imageUrl ? `
	<td class="kg-cta-image-container" width="64">
	${wrapWithLink(dataset, `<img src="${dataset.imageUrl}" alt="CTA Image" class="kg-cta-image" width="64" height="64">`)}
	</td>
	` : ''}
	<td class="kg-cta-content-inner">
	<table border="0" cellpadding="0" cellspacing="0" width="100%">
	${dataset.textValue ? `
	<tr>
	<td class="kg-cta-text">
	${dataset.textValue}
	</td>
	</tr>
	` : ''}
	${showButton(dataset) ? `
	<tr>
	<td class="kg-cta-button-container">
	<table border="0" cellpadding="0" cellspacing="0" class="btn">
	<tr>
	<td class="${dataset.buttonColor === 'accent' ? 'kg-style-accent' : ''}" style="${buttonStyle}">
	<a href="${dataset.buttonUrl}"
	class="${dataset.buttonColor === 'accent' ? 'kg-style-accent' : ''}"
	style="${buttonStyle}"
	>
	${dataset.buttonText}
	</a>
	</td>
	</tr>
	</table>
	</td>
	</tr>
	` : ''}
	</table>
	</td>
	</tr>
	</table>
	</td>
	</tr>
	`;
	}

🤖 Prompt for AI Agents

In packages/kg-default-nodes/lib/nodes/call-to-action/calltoaction-renderer.js
between lines 87 and 134, the dataset.buttonUrl is used directly in href
attributes without validation, which risks injection of dangerous URL schemes
like javascript:. To fix this, add a validation step before rendering that
checks if buttonUrl starts with http, https, or mailto; if not, replace it with
a safe fallback such as '#' or an empty string. This validation should be done
early in the renderContent function to ensure only safe URLs are used in the
anchor tags.