hamlab/mobilizon-frontend
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Correctly escape user-defined names in emails

Browse Source 
Closes #1151

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
2022-10-31 13:00:45 +01:00
parent 695d773d50
commit 470a3e594b
28 changed files with 162 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/web/templates/email/activity/_post_activity_item.html.heex
View File

@@ -1,30 +1,30 @@
<%= case @activity.subject do %>
<% :post_created -> %>
<%= dgettext("activity", "The post %{post} was created by %{profile}.", %{
profile: "<b>#{Mobilizon.Actors.Actor.display_name_and_username(@activity.author)}</b>",
profile: "<b>#{escaped_display_name_and_username(@activity.author)}</b>",
post:
"<a href=\"#{Routes.page_url(Mobilizon.Web.Endpoint,
:post,
@activity.subject_params["post_slug"]) |> URI.decode()}\">
#{@activity.subject_params["post_title"]}
#{escape_html(@activity.subject_params["post_title"])}
</a>"
})
|> raw %>
<% :post_updated -> %>
<%= dgettext("activity", "The post %{post} was updated by %{profile}.", %{
profile: "<b>#{Mobilizon.Actors.Actor.display_name_and_username(@activity.author)}</b>",
profile: "<b>#{escaped_display_name_and_username(@activity.author)}</b>",
post:
"<a href=\"#{Routes.page_url(Mobilizon.Web.Endpoint,
:post,
@activity.subject_params["post_slug"]) |> URI.decode()}\">
#{@activity.subject_params["post_title"]}
#{escape_html(@activity.subject_params["post_title"])}
</a>"
})
|> raw %>
<% :post_deleted -> %>
<%= dgettext("activity", "The post %{post} was deleted by %{profile}.", %{
profile: "<b>#{Mobilizon.Actors.Actor.display_name_and_username(@activity.author)}</b>",
post: "<b>#{@activity.subject_params["post_title"]}</b>"
profile: "<b>#{escaped_display_name_and_username(@activity.author)}</b>",
post: "<b>#{escape_html(@activity.subject_params["post_title"])}</b>"
})
|> raw %>
<% end %>