Don't escape HTML in the subject line of notification emails

CHANGELOG.md

@@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
 
 ### Bug Fixes
 - "Get a single check" API call now supports read-only API keys (#346)
+- Don't escape HTML in the subject line of notification emails
 
 ## v1.14.0 - 2020-03-23
 

hc/api/tests/test_notify.py

@@ -345,6 +345,14 @@ class NotifyTestCase(BaseTestCase):
         self.assertEqual(Notification.objects.count(), 0)
         self.assertEqual(len(mail.outbox), 0)
 
+    def test_email_handles_amperstand(self):
+        self._setup_data("email", "[email protected]")
+        self.check.name = "Foo & Bar"
+        self.channel.notify(self.check)
+
+        email = mail.outbox[0]
+        self.assertEqual(email.subject, "DOWN | Foo & Bar")
+
     @patch("hc.api.transports.requests.request")
     def test_pd(self, mock_post):
         self._setup_data("pd", "123")

templates/emails/alert-subject.html

@@ -1,2 +1,2 @@
-{{ check.status|upper }} | {{ check.name_then_code }}
+{{ check.status|upper }} | {{ check.name_then_code|safe }}